Re: Migration TeX/LaTeX: from teTeX -- TeXlive
On 09/15/2013 02:00 PM, Roland Smith wrote: Personally I don't think TeX is a good fit for the ports tree (because of duplication of effort). I installed TeXLive using its own installer long before it was present in the ports tree. Since TeXLive is very complete and self-contained, I don't have other ports that depend on TeX. +1 My TeX dependency and maintenance problems all but disappeared when I moved to the freestanding TeXLive installation. I run a nightly cron job to get the latest updates via tlmgr and it works like a charm. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Since SquirrelMail Looks Like It Will Never Be Supported Again...
SquirrelMail seems to be forever on hold because of an incompatibility with PHP 5. So I am going to have to replace it as our Webmail interface. So, I'm looking for recommendations from the tribe here on what I should use instead: 1) Easy to use. Mostly this gets used by people when they are away from the office and then only occasionally. 2) It would be really nice if the program could import the Thunderbird Address Book. 3) Easy to install and maintain. TIA, Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: texlive and package updating
On 08/09/2013 11:36 AM, Jerry wrote: Port: texlive-full-20120701 Path: /usr/ports/print/texlive-full Info: TeX Live, Full Version Maint: h...@freebsd.org With: TEX_DEFAULT=texlive placed in the /etc/make.conf file. My question is how do I update the packages since the package updater has apparently been deliberately disabled? I install/update dozens of packages each week on my Windows machine, so I know that they are available. Also, all of the *-freebsd-doc-* ports are bonked due to the use of texlive. Is there any headway being made on that front? I've given up on all OS distribution-based TexLive drops. I install texlive manually from their installer and then run tlmgr under cron control nightly to keep it up-to-date. I do this on FreeBSD (my primary dev and server platform) as well as all linux instances in my environment. It makes things a lot simpler. - Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
FreeBSD Appliance Questions
I am working on an NAS appliance built on FreeBSD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: FreeBSD Appliance Questions
On 06/28/2013 05:27 PM, Tim Daneliuk wrote: I am working on an NAS appliance built on FreeBSD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, Oh one more thing - does anyone have experience - good or bad - with installing and running the Tivoli TSM Client software under the FreeBSD Linux emulation? -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: FreeBSD Appliance Questions
On 06/28/2013 05:31 PM, Outback Dingo wrote: On Fri, Jun 28, 2013 at 6:28 PM, Tim Daneliuk tun...@tundraware.com wrote: On 06/28/2013 05:27 PM, Tim Daneliuk wrote: I am working on an NAS appliance built on FreeBSD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, Oh one more thing - does anyone have experience - good or bad - with installing and running the Tivoli TSM Client software under the FreeBSD Linux emulation? would help to know the manufacturer, might be able to help nail down the version of the OS It is an EMC/Isolon but I'm not sure which model. Still looking into it. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: FreeBSD Appliance Questions
On 06/28/2013 05:46 PM, Outback Dingo wrote: research shows http://en.wikipedia.org/wiki/OneFS_distributed_file_system D'oh. I looked it up under Isolon but not OneFS. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: Cannot Update Source Tree After Move To Subversion 1.8
On 06/24/2013 04:58 PM, Tim Daneliuk wrote: On 06/24/2013 03:20 PM, Matthew Seaman wrote: On 24/06/2013 20:28, Tim Daneliuk wrote: After the update to svn 1.8, I did a new svn co of the FBSD 9-STABLE source branch. When I try to do an update to it, I see this now: svn: E155005: Working copy not locked at /usr/scr svn co svn://svn.freebsd.org/base/stable/9 /usr/src /usr/src is a symlink to another directory in a separate filesystem, but this historically worked, so I'm guessing that is not the problem. Ideas? svn upgrade Hm [root] ozzie ~svn upgrade /usr/src [root] ozzie ~svn update /usr/src svn: E155004: Run 'svn cleanup' to remove locks (type 'svn help cleanup' for details) svn: E155004: Working copy '/usr1/src-9-STABLE' locked. svn: E155004: '/usr1/src-9-STABLE' is already locked. [root] ozzie ~svn cleanup /usr/src [root] ozzie ~svn update /usr/src Updating '/usr/src': svn: E155005: No write-lock in '/usr/src/sys' svn: E155005: Additional errors: svn: E155005: Working copy not locked at '/usr/src'. It seems that svn 1.8 does not like symlinks. I have this: /usr/src -> /usr1/src-9-STABLE I can do this fine: svn update /usr1/src-9-STABLE But this causes svn to dump core: svn update /usr/src At which point I have to do a cleanup to get the locks cleared out. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Cannot Update Source Tree After Move To Subversion 1.8
After the update to svn 1.8, I did a new svn co of the FBSD 9-STABLE source branch. When I try to do an update to it, I see this now: svn: E155005: Working copy not locked at /usr/scr svn co svn://svn.freebsd.org/base/stable/9 /usr/src /usr/src is a symlink to another directory in a separate filesystem, but this historically worked, so I'm guessing that is not the problem. Ideas? -- --- Tim Daneliuk
Re: Cannot Update Source Tree After Move To Subversion 1.8
On 06/24/2013 03:20 PM, Matthew Seaman wrote: On 24/06/2013 20:28, Tim Daneliuk wrote: After the update to svn 1.8, I did a new svn co of the FBSD 9-STABLE source branch. When I try to do an update to it, I see this now: svn: E155005: Working copy not locked at /usr/scr svn co svn://svn.freebsd.org/base/stable/9 /usr/src /usr/src is a symlink to another directory in a separate filesystem, but this historically worked, so I'm guessing that is not the problem. Ideas? svn upgrade Hm [root] ozzie ~svn upgrade /usr/src [root] ozzie ~svn update /usr/src svn: E155004: Run 'svn cleanup' to remove locks (type 'svn help cleanup' for details) svn: E155004: Working copy '/usr1/src-9-STABLE' locked. svn: E155004: '/usr1/src-9-STABLE' is already locked. [root] ozzie ~svn cleanup /usr/src [root] ozzie ~svn update /usr/src Updating '/usr/src': svn: E155005: No write-lock in '/usr/src/sys' svn: E155005: Additional errors: svn: E155005: Working copy not locked at '/usr/src'. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Suddenly Seeing Clamav Errors After MailScanner Update
I am working on a FBSD 9.1-STABLE mail machine that's been working fine. After upgrading to MailScanner 4.84.5_3, we are now suddenly seeing errors like this: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/68340 Any ideas what might cause this? I have fallen back to the previous MailScanner.conf file wherein the problem does NOT seem to happen. But, after diffing old and new config files I cannot see where anything relevant to this might have changed. Ideas anyone? -- --- Tim Daneliuk
Re: Bourne shell if syntax
On 06/10/2013 01:53 PM, lcon...@go2france.com wrote: script fragment: PTR=`dig @some.dns +short +norec -x a.b.c.d` echo $PTR if [ $PTR ==] ; then echo $PTR /path/to/PTR_absent.txt fi === output for an IP: a-b-c-d.domain.net. [: a-b-c-d.domain.net.: unexpected operator Try this instead and see if this fixes it: if [ _$PTR == _ ] ; then --- Tim Daneliuk
Re: Bourne shell if syntax
On 06/10/2013 01:59 PM, dte...@freebsd.org wrote: -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- questi...@freebsd.org] On Behalf Of lcon...@go2france.com Sent: Monday, June 10, 2013 11:53 AM To: freebsd-questions@freebsd.org Subject: Bourne shell if syntax script fragment: PTR=`dig @some.dns +short +norec -x a.b.c.d` echo $PTR if [ $PTR ==] ; then if [ $PTR = ]; then or if [ -z $PTR ]; then or if [ $PTR ]; then but _NOT_ if [ $PTR == ]; then I work across a bunch of different OSs and shells of many vintages. As I recall, the -z argument has problems of portability on older/broken shells and/or is not available in all environments (I cannot recall which at the moment). So I achieve the same results by using a character sentinel that guarantees that the comparison always works: if [ _$PTR == _ ] ; then -- --- Tim Daneliuk
Re: Bourne shell if syntax
On 06/10/2013 02:10 PM, dte...@freebsd.org wrote: -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- questi...@freebsd.org] On Behalf Of Tim Daneliuk Sent: Monday, June 10, 2013 12:06 PM To: freebsd-questions@freebsd.org Subject: Re: Bourne shell if syntax On 06/10/2013 01:59 PM, dte...@freebsd.org wrote: -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- questi...@freebsd.org] On Behalf Of lcon...@go2france.com Sent: Monday, June 10, 2013 11:53 AM To: freebsd-questions@freebsd.org Subject: Bourne shell if syntax script fragment: PTR=`dig @some.dns +short +norec -x a.b.c.d` echo $PTR if [ $PTR ==] ; then if [ $PTR = ]; then or if [ -z $PTR ]; then or if [ $PTR ]; then but _NOT_ if [ $PTR == ]; then I work across a bunch of different OSs and shells of many vintages. As I recall, the -z argument has problems of portability on older/broken shells and/or is not available in all environments (I cannot recall which at the moment). So I achieve the same results by using a character sentinel that guarantees that the comparison always works: if [ _$PTR == _ ] ; then Character sentinels are not required. FreeBSD's sh(1) knows (because [ is a built-in) that when you quote a parameter, that it is not (even if the value begins with -) not an operator. That wasn't really my point. I use sentinels because in the face of an empty string this: if [ $PTR = ] Actually evaluates to: if [ = ] Which throws an error. The character sentinel avoids this without having to use -z, which as I said, I've had problems with not being too portable across older machinery. All work as expected. It matters not the value of $foo. sh(1) in FreeBSD knows because of the double-quotes that it is not an operator. Furthermore... == is not the right operator. It's =. Portability would surely be compromised if you were using == (which doesn't work on FreeBSD; or many other OSes I gather from experience).
Ooops, I did catch that and you're quite right. -- --- Tim Daneliuk
Re: Bourne shell if syntax
On 06/10/2013 02:21 PM, dte...@freebsd.org wrote: Actually, there's another reason you should also avoid the above (unquoted parameter), and that's in the case of a multi-word value. For example: Yup, that's the compelling case for using quoting. -- --- Tim Daneliuk
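The failure modes discussed in this thread (empty value, multi-word value, value that looks like an operator) can be reproduced side by side. This is an added example, not code posted by anyone in the thread; the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): emptiness tests in POSIX sh.

# The unquoted form from the question. An empty or multi-word value changes
# the number of arguments that [ receives, so [ reports a usage error
# (status 2 or higher) instead of answering true (0) or false (1).
unquoted_status() {
    v=$1
    # Deliberately unquoted to reproduce the failure.
    if [ $v = "" ] 2>/dev/null; then
        echo 0
    else
        echo $?
    fi
}

# The three quoted forms mentioned in the replies.
empty_eq()       { [ "$1" = "" ]; }      # plain string comparison with =
empty_z()        { [ -z "$1" ]; }        # -z test
empty_sentinel() { [ "_$1" = "_" ]; }    # character sentinel

# Ask all three quoted forms about one value. They should agree even when
# the value looks like an operator such as "-n" or "=".
classify() {
    r=""
    for f in empty_eq empty_z empty_sentinel; do
        if "$f" "$1"; then r="${r}E"; else r="${r}N"; fi
    done
    case $r in
        EEE) echo empty ;;
        NNN) echo nonempty ;;
        *)   echo "disagree:$r" ;;
    esac
}

# Constructed sample values: empty, a PTR-style name, two words, operators.
for val in "" "a-b-c-d.domain.net." "two words" "-n" "="; do
    printf '%-24s unquoted=%s quoted=%s\n' "[$val]" \
        "$(unquoted_status "$val")" "$(classify "$val")"
done
```

When the value comes from an external lookup such as a PTR record, the quoted forms also keep attacker-influenced text from being parsed as test operators.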
Can sasl/sendmail Report IP Of Failed Access?
I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- --- Tim Daneliuk
Re: Can sasl/sendmail Report IP Of Failed Access?
On 06/04/2013 04:51 PM, Doug Hardie wrote: On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know. Yes, I'd love a look at that, thanks. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
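One way to pull the offending addresses out of maillog, as described in the reply above. This is an added example and not Doug Hardie's code; it assumes sendmail writes "AUTH failure" lines that end in a relay= field with the client address in square brackets, and the log lines, function names and threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: list relay IPs with repeated sendmail AUTH failures.

# Constructed sample maillog lines (documentation address ranges only).
# Assumed format: "AUTH failure (...)" followed by relay=[ip] or relay=host [ip].
sample_maillog() {
    cat <<'EOF'
Jun  4 08:41:02 mail sm-mta[4101]: r54Df2aa004101: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:41:05 mail sm-mta[4102]: r54Df5bb004102: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:41:09 mail sm-mta[4103]: r54Df9cc004103: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:42:30 mail sm-mta[4110]: r54DgUdd004110: AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: Password verification failed, relay=host.example.net [198.51.100.23]
Jun  4 08:43:00 mail sm-mta[4120]: r54Dh0ee004120: from=<a@example.org>, size=1204, class=0, nrcpts=1, proto=ESMTP, relay=client.example.org [192.0.2.10]
Jun  4 08:44:10 mail sm-mta[4130]: r54DiAff004130: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[IPv6:2001:db8::5]
Jun  4 08:44:12 mail sm-mta[4131]: r54DiCgg004131: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[IPv6:2001:db8::5]
EOF
}

# failed_auth_ips MIN
# Reads maillog text on stdin and prints "count ip" for every relay address
# with at least MIN AUTH failures, highest count first.
failed_auth_ips() {
    awk -v min="$1" '
        /AUTH failure/ && /relay=/ {
            s = $0
            sub(/.*relay=/, "", s)                 # keep only the relay field
            if (match(s, /\[(IPv6:)?[0-9a-fA-F.:]+\]/)) {
                ip = substr(s, RSTART + 1, RLENGTH - 2)   # drop the brackets
                sub(/^IPv6:/, "", ip)              # sendmail tags IPv6 peers
                count[ip]++
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Report addresses with two or more failures in the sample.
# The second column is what would be reviewed before loading into a pf table.
sample_maillog | failed_auth_ips 2
```

The successful delivery from 192.0.2.10 is ignored because only lines containing "AUTH failure" are counted; review the list before blocking, since a legitimate user with a stale password produces the same log lines.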
Installing 8.1-RELEASE - Problems via FTP
Greetings- I have need to install FreeBSD 8.1-RELEASE amd64 to build some packages. My usual method of installation is via the *-bootonly.iso, pulling the install from FTP. However, it appears since 8.1-RELEASE is old and deprecated, none of the mirrors have the files available anymore to use during the installer. So, how do I proceed: 1. Does anyone have a proper URL to put into the installer? I already tried ftp://ftp-archive.freebsd.org but I think there is additional path info needed 2. Should I install from the full CD or DVDs? If successful, would I still have problems pulling the ports tree for 8.1-RELEASE? Thanks! --Tim
Re: Installing 8.1-RELEASE - Problems via FTP
- Original Message - On May 21, 2013, at 9:39 AM, Tim Nelson wrote: Greetings- I have need to install FreeBSD 8.1-RELEASE amd64 to build some packages. My usual method of installation is via the *-bootonly.iso, pulling the install from FTP. However, it appears since 8.1-RELEASE is old and deprecated, none of the mirrors have the files available anymore to use during the installer. Poppycock… BEFORE you get to the sysinstall media selection dialog, make a detour into the Options, use arrow-up/down to highlight Release Name, press SPACEBAR, and change from X.Y-RELEASE to any (without quotes; also acceptable would be __RELEASE without quotes). NOTE: This will tell sysinstall to *not* try and auto-detect the release directory path on the FTP server but instead use the exact path that you give it. When you get to the media selection dialog, use FTP-Passive with the following URL: ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/ That should work. The any (or __RELEASE) release-name tells it to not try things like pub/FreeBSD/releases/arch/relName (which obviously doesn't exist, given extra -Archive and old- prefixes in some of the path directory elements). This worked perfectly, no problems. Thanks for the help! --Tim
Re: check variable content size in sh script
On 05/18/2013 10:09 AM, Quartz wrote: However, if the OP wanted to actually truncate $FOO to 51 characters: NEWFOO=$( echo $FOO | awk -v max=51 '{print substr($0,0,max)}' ) You don't need all that for a simple truncation/substring, you can do it with a direct assignment: newfoo=${foo:0:51} That works for bash, not sh. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: check variable content size in sh script
#foo works with sh On May 18, 2013 10:58:30 AM Quartz qua...@sneakertech.com wrote: newfoo=${foo:0:51} That works for bash, not sh. Ok granted, but I don't think that ${#foo} is straight sh either, so I assumed things bash/tcsh/ksh/whatever accept when running in sh emulation were ok. __ it has a certain smooth-brained appeal
Re: check variable content size in sh script
On 05/16/2013 10:08 AM, Joe wrote: Hello Have script that has max size on content in a variable. How to code size less than 51 characters? FOO=Some string you want to check length of FOOLEN=`echo $FOO | wc | awk '{print $3}'` You can then use $FOOLEN in a conditional. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: check variable content size in sh script
On 05/16/2013 10:45 AM, Dan Nelson wrote: In the last episode (May 16), Tim Daneliuk said: On 05/16/2013 10:08 AM, Joe wrote: Hello Have script that has max size on content in a variable. How to code size less than 51 characters? FOO=Some string you want to check length of FOOLEN=`echo $FOO | wc | awk '{print $3}'` You can then use $FOOLEN in a conditional. Much better way: FOO=Some string you want to check length of FOOLEN=${#FOO} D'Oh, you're right ... what was I thinking ... Slinks off in shame ... -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: what commands show memory usage
On 05/14/2013 08:56 PM, Joe wrote: Tim Daneliuk wrote: On 05/14/2013 08:32 PM, Joe wrote: When stopping vnet jails get message about lost memory pages. What console commands show available memory pages so I can determine the lost memory pages after 100 stopped jails? Want to find out if that lost memory page message is bogus or not. Look at 'vmstat' and 'free' commands. can't find any free command Sorry Joe (and everyone), I had a brief bit flip. The command is actually called freebsd-memory and is not in the base system. It's an addon from Ralph Engelshall and can be found here: http://people.freebsd.org/~rse/utils/ (If you care, the 'free' command is how you do this on Linux.) -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Looks Like New Changes To 'install' Break Mergemaster
$ mergemaster -Fi *** The directory specified for the temporary root environment, /var/tmp/temproot, exists. This can be a security risk if untrusted users have access to the system. Use 'd' to delete the old /var/tmp/temproot and continue Use 't' to select a new temporary root directory Use 'e' to exit mergemaster Default is to use /var/tmp/temproot as is How should I deal with this? [Use the existing /var/tmp/temproot] d *** Deleting the old /var/tmp/temproot *** Creating the temporary root environment in /var/tmp/temproot *** /var/tmp/temproot ready for use *** Creating and populating directory structure in /var/tmp/temproot install: illegal option -- l usage: install [-bCcMpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2 install [-bCcMpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory install -d [-v] [-g group] [-m mode] [-o owner] directory ... *** FATAL ERROR: Cannot 'cd' to /usr/src and install files to the temproot environment
Re: Looks Like New Changes To 'install' Break Mergemaster
On 03/17/2013 02:36 PM, Tim Daneliuk wrote: $ mergemaster -Fi *** The directory specified for the temporary root environment, /var/tmp/temproot, exists. This can be a security risk if untrusted users have access to the system. Use 'd' to delete the old /var/tmp/temproot and continue Use 't' to select a new temporary root directory Use 'e' to exit mergemaster Default is to use /var/tmp/temproot as is How should I deal with this? [Use the existing /var/tmp/temproot] d *** Deleting the old /var/tmp/temproot *** Creating the temporary root environment in /var/tmp/temproot *** /var/tmp/temproot ready for use *** Creating and populating directory structure in /var/tmp/temproot install: illegal option -- l usage: install [-bCcMpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2 install [-bCcMpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory install -d [-v] [-g group] [-m mode] [-o owner] directory ... *** FATAL ERROR: Cannot 'cd' to /usr/src and install files to the temproot environment More specifically, running 'sh -x mergemaster' shows us this: + cd /usr/src + od=/var/tmp/temproot/usr/obj + make -m /usr/src/share/mk DESTDIR=/var/tmp/temproot distrib-dirs + MAKEOBJDIRPREFIX=/var/tmp/temproot/usr/obj make -m /usr/src/share/mk _obj SUBDIR_OVERRIDE=etc + MAKEOBJDIRPREFIX=/var/tmp/temproot/usr/obj make -m /usr/src/share/mk everything SUBDIR_OVERRIDE=etc + MAKEOBJDIRPREFIX=/var/tmp/temproot/usr/obj make -m /usr/src/share/mk DESTDIR=/var/tmp/temproot distribution install: illegal option -- l usage: install [-bCcMpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2 install [-bCcMpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory install -d [-v] [-g group] [-m mode] [-o owner] directory ... + echo '' + echo ' *** FATAL ERROR: Cannot '\''cd'\'' to /usr/src and install files to' *** FATAL ERROR: Cannot 'cd' to /usr/src and install files to + echo ' the temproot environment' the temproot environment + echo '' + exit 1 -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: Looks Like New Changes To 'install' Break Mergemaster
On 03/17/2013 02:52 PM, Tim Daneliuk wrote: PR 177055 submitted. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
NFS Performance: Weirder And Weirder
This is really weird. A FreeBSD 9.1 system mounts the following: /dev/ad4s1a 989M 625M 285M 69% / devfs 1.0k 1.0k 0B 100% /dev /dev/ad4s1d 7.8G 1G 6.1G 14% /var /dev/ad4s1e 48G 9.4G 35G 21% /usr /dev/ad4s1f 390G 127G 231G 35% /usr1 /dev/ad6s1d 902G 710G 120G 86% /usr1/BKU /usr1/something (under ad4s1f) and /usr1/BKU (all of ad6s1d) are exported for NFS mounting on the LAN. I have tested the speeds of these two drives locally doing a 'dd if=/dev/zero '. Their speeds are quite comparable - around 55-60 MB/s so the problem below is not an artifact of a slow drive. The two mounts are imported like this on a Linux Mint 12 machine: machine:/usr1/BKU /BKU nfs rw,soft,intr 0 0 machine:/usr1/shared /shared nfs rw,soft,intr 0 0 Problem: When I write files from the LM12 machines to /BKU the writes are 1/10 the speed of when writing to /shared. Reads are fine in both cases, at near native disk speeds being reported. Someone here suggested I get rid of any symlinks in the mount and I did that to no avail. Incidentally, the only reason I just noticed this is that I upgraded the NIC on the FreeBSD machine and the switch into which it connects to 1000Base because the LM12 machine had a built in 1000Base NIC. I also changed the cables on both machines to ensure they were not the problem. Prior to this, I was bandwidth constrained by the 100Base so I never saw NFS performance as an issue. When I upgraded, I expected faster transfers and when I didn't get them, I started this whole investigation. So ... I'm stumped: - It's not the drive or SATA ports because both drives show comparable performance. - It's not the cables because I can get great throughput on one of the NFS mountpoints. - It's neither NIC for the same reason. Does anyone: A) Have a clue what might be doing this B) Have a suggestion how to track down the problem Thanks, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: NFS Performance: Weirder And Weirder
On 03/16/2013 04:20 PM, Mehmet Erol Sanliturk wrote: With respect to your mount points : /usr1 is spanning TWO different partitions : /dev/ad4s1f 390G 127G 231G 35% /usr1 /dev/ad6s1d 902G 710G 120G 86% /usr1/BKU because /usr1/BKU is a sub-directory of /usr1 . If you create a new directory , for example /usr2 , and /usr2/BKU , and using this new separate directory for sharing , such as : /dev/ad6s1d 902G 710G 120G 86% /usr2/BKU and machine:/usr2/BKU /BKU nfs rw,soft,intr 0 0 will it make difference ? Mehmet Erol Sanliturk I just tried this and it made no difference. The same file copied onto the NFS mount on /usr1/shared takes about 20x as long when copied on to /usr[1|2]/BKU. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: NFS Performance: Weirder And Weirder
On 03/16/2013 05:43 PM, Mehmet Erol Sanliturk wrote: Michael W. Lucas in Absolute FreeBSD , 2nd Edition , ( ISBN : 978-1-59327-151-0 ) , is suggesting the following ( p. 248 ) : In client ( mount , or , fstab ) , use options ( -o tcp , intr , soft , -w=32768 , -r=32768 ) tcp option will request a TCP mount instead of UDP mount , because FreeBSD NFS defaults to running over UDF . This subject may be another check point . Another very good suggestion but ... to no avail. Thanks for pointing this out. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: NFS Performance: Weirder And Weirder
On 03/16/2013 10:15 PM, Mehmet Erol Sanliturk wrote: On Sat, Mar 16, 2013 at 6:46 PM, Tim Daneliuk tun...@tundraware.com wrote: On 03/16/2013 05:43 PM, Mehmet Erol Sanliturk wrote: Michael W. Lucas in Absolute FreeBSD , 2nd Edition , ( ISBN : 978-1-59327-151-0 ) , is suggesting the following ( p. 248 ) : In client ( mount , or , fstab ) , use options ( -o tcp , intr , soft , -w=32768 , -r=32768 ) tcp option will request a TCP mount instead of UDP mount , because FreeBSD NFS defaults to running over UDF . This subject may be another check point . Another very good suggestion but ... to no avail. Thanks for pointing this out. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ I have read messages once more . There is a phrase : Linux Mint 12 machineS ( plural ) . In your descriptions , there is no any information about network setup : Single client , multiple clients , etc . Then , with some assumptions : If there is ONLY ONE client , and all of the tests are performed on this ONLY client , problem may be attributed to FreeBSD server or kind of file(s) in different directories : One of the is encrypted ( requires decryption ) , another is plain file , etc. . There is one server - FreeBSD, and one client - LM12. Both have had their cables replaced with new CAT6 wiring. Copying the exact same file to each of the NFS mounts exhibits the problem. Reading from the two NFS mount is fast and as expected, so I do not suspect network issues. The two drives used on the server show similar disk performance locally. The server side exports are identical for both mounts as are the client side mounts. The ONLY difference is that the fast NFS mount has server side permissions of 777 whereas the slow NFS mount has server side permissions of 775. Both are owned by root:wheel. The contents of each filesystem are owned by a user in the wheel group. The one other difference is that all the contents of the slow mount are in a particular user group, and all the ones in the fast mount are in the wheel group. Changing the group ownership of all the stuff in the slow mount to wheel makes no difference. The problem appears to be size related on the slow mount. When I copy, say, a 100MB file to it, performance is just fine. When I copy a 1G file, it's 1/20 the throughput (45MB/sec vs 2MB/sec). This feels like some kind of buffer starvation but the fact that I can run at full speed against another mount point leaves me scratching my head as to just where. It's almost like there's some kind of halting going on during the transfer. Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Weird NFS Performance Problem
I have a FreeBSD 9.1-STABLE exhibiting weird NFS performance issues and I'd appreciate any suggestions. I have several different directories exported from the same filesystem. The machine that mounts them (a Linux Mint 12 desktop) writes nice and fast to one of them, but writes to the other one are dreadfully slow. Both are mounted on the LM machine using 'rw,soft,intr' in that machine's fstab file. Any ideas on what might be the culprit here? -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
mpd5 vs lt2pd vs sl2tps
Hi, I'm trying to get a FreeBSD box set up as an L2TP server. I've been tinkering with mpd5 and had some success, but I was wondering if anyone has been using l2tpd or sl2tps and what their experiences might have been. Are either of these easier to set up? More reliable? Especially for a configuration where LDAP authentication is preferred, or at least RADIUS if not LDAP? -- Tim Gustafson t...@ucsc.edu 831-459-5354 Baskin Engineering, Room 313A ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Fun Scripting Problem
I know how to do this in Python, but I really want to do it in straight Bourne shell. I have some ideas, but I thought I'd give you folks a crack at this Big Fun: a) You have a directory of files - say they're logs - generated at nondeterministic intervals. You may get more than one a day, more than one a month, none, or hundreds. b) To conserve space, you want to keep the last file generated in any given month (the archive goes back for an unspecified number of years), and delete all the files generated prior to that last file in that same month. c) Bonus points if the problem is solved generally for either files or directories generated as described above. These are not actually logs, and no, I don't think logrotate can do this ... or can it? -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Fun Scripting Problem
On 02/13/2013 12:38 PM, Teske, Devin wrote: (apologies for top-post) As tempted as I am, I think newsyslog(8) may be what you want. Missing information in your post is how you intend to timestamp the files -- by filename? by content? If by-content, then is it a good assumption that the data is one entry per-line? ... and if-so, is the timestamp in that line? These are all questions that would be needed to script what you're asking for (not that I'm volunteering or anything like that). The only way to determine the date of the file is by looking at its stat info. There is nothing the file name or content that could be used to infer this. -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Fun Scripting Problem
On 02/13/2013 03:13 PM, Robert Bonomi wrote: Date: Wed, 13 Feb 2013 12:27:31 -0600 From: Tim Daneliuk tun...@tundraware.com Subject: Fun Scripting Problem I know how to do this in Python, but I really want to do it in straight Bourne shell. I have some ideas, but I thought I'd give you folks a crack at this Big Fun: a) You have a directory of files - say they're logs - generated at nondeterministic intervals. You may get more than one a day, more than one a month, none, or hundreds. b) To conserve space, you want to keep the last file generated in any given month (the archive goes back for an unspecified number of years), and delete all the files generated prior to that last file in that same month. c) Bonus points if the problem is solved generally for either files or directories generated as described above. These are not actually logs, and no, I don't think logrotate can do this ... or can it? here's a one-liner: rm ` \ stat -f %SB %B %N * \ | sort -k5nr \ | cut -c1-7,17-20,32- \ | awk 'BEGIN {a=;b=0;c=0} $1==a $2==b $3=c {print $4;}{a=$1;b=$2;c=$3}' \ ` This selects on creation date. change the B (both of them) in the stat call to use a different timestamp Thanks to all that took the time. Interesting responses. It will be fun to cook up my own version. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
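A longer take on the problem posed in this thread, as an added example that is not code from any poster: it keeps the newest entry of each calendar month and lists the rest, for files or directories alike. It goes by modification time rather than the creation time the one-liner uses, the function names are hypothetical, and it assumes a date(1) whose -r option accepts a path (GNU date does; check date(1) on your system).

```shell
#!/bin/sh
# Added example: list every entry in a directory that is NOT the newest one
# of its calendar month, judged by modification time.
# Limits: names containing newlines are not supported; dotfiles are skipped.

# list_prunable DIR -> one path per line; the newest entry of each month is omitted
list_prunable() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue          # empty directory: the glob did not match
        # "YYYY-MM EPOCH" of the last modification of this entry
        stamp=$(date -r "$entry" '+%Y-%m %s') || continue
        printf '%s %s\n' "$stamp" "$entry"
    done |
    sort -k1,1 -k2,2nr |                     # group by month, newest first inside a month
    awk '{
        month = $1
        path = $0
        sub(/^[^ ]+ [^ ]+ /, "", path)       # strip "YYYY-MM EPOCH ", keep spaces in names
        if (month != last) { last = month; next }   # first line of a month: keep it
        print path
    }'
}

# prune_months DIR -> delete everything list_prunable reports
prune_months() {
    list_prunable "$1" | while IFS= read -r path; do
        rm -rf -- "$path"
    done
}

# Dry run by default: with one argument, only list what would be removed.
if [ "$#" -eq 1 ]; then
    list_prunable "$1"
fi
```

Review the listing first; prune_months removes directories recursively.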
Was I Sourced?
Is there a way for a script to determine whether it was sourced or forked off as a subprocess when it was invoked? I have a script that needs to be sourced to work properly and I want to warn the luser if they exec or subshell it instead. TIA, -- --- Tim Daneliuk
Re: Was I Sourced?
On 02/12/2013 11:10 AM, Robert Bonomi wrote: Date: Tue, 12 Feb 2013 08:53:37 -0600 From: Tim Daneliuk tun...@tundraware.com To: FreeBSD Mailing List freebsd-questions@freebsd.org Subject: Was I Sourced? Is there a way for a script to determine whether it was sourced or forked off as a subprocess when it was invoked? I have a script that needs to be sourced to work properly and I want to warn the luser if they exec or subshell it instead.

a 'sourced' script does -not- honor a shebang line. you can exploit that. The executable script /usr/local/bin/source_only;

    #!/bin/sh
    echo Error: this script must be sourced

Your script:

    #!/usr/local/bin/source_only
    {cmd} {cmd} {cmd} {cmd} {cmd} {cmd} ... ...

Trying to do it totally self-contained is not easy.

Actually, it's not that hard. Setting the shebang line to this does the trick:

    #!/bin/echo This Script Must Be Sourced

Thanks to all who replied on this one ...

-- --- Tim Daneliuk
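The echo shebang from this message, exercised both ways, as an added example that is not code from the thread. PROJECT_ENV, the function names and the temporary file are hypothetical. The point to notice is that executing the file prints the warning on stdout and still exits 0.

```shell
#!/bin/sh
# Added example: behaviour of the "#!/bin/echo" guard when the file is
# executed versus sourced. PROJECT_ENV and the file names are hypothetical.

# write_guarded_script PATH -> create an executable script guarded by the echo shebang
write_guarded_script() {
    cat > "$1" <<'EOF'
#!/bin/echo This Script Must Be Sourced
# Only a shell that sources this file ever reads the lines below.
PROJECT_ENV=loaded
export PROJECT_ENV
EOF
    chmod +x "$1"
}

# run_executed PATH -> run the file as a program. The kernel starts /bin/echo
# with the shebang text and the script path as arguments; no shell runs the body.
run_executed() {
    "$1"
}

# executed_status PATH -> exit status of executing the file.
# echo succeeds, so callers cannot detect the misuse from the status alone.
executed_status() {
    "$1" >/dev/null 2>&1
    echo $?
}

# run_sourced PATH -> source the file in a subshell and report what it set
run_sourced() {
    ( . "$1" && printf '%s\n' "${PROJECT_ENV:-unset}" )
}

# demo -> build the script in a temporary directory and show both behaviours
demo() {
    dir=$(mktemp -d) || return 1
    write_guarded_script "$dir/env.sh"
    printf 'executed: %s (status %s)\n' \
        "$(run_executed "$dir/env.sh")" "$(executed_status "$dir/env.sh")"
    printf 'sourced:  PROJECT_ENV=%s\n' "$(run_sourced "$dir/env.sh")"
    rm -rf "$dir"
}

demo
```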
Restricting Periodic Scripts
I have a FreeBSD ZFS file server with tens of millions of files stored on it. But, the daily periodic scripts like /etc/periodic/security/110.neggrpperm and /etc/periodic/weekly/310.locate take hours iterating through those folders, and I just don't need them to be scanned. I see that I can edit /etc/locate.rc to fix the behavior for /etc/periodic/weekly/310.locate but I don't see a way to exclude folders from other scripts like /etc/periodic/security/110.neggrpperm from scanning them. Is there any way to prune out folders that I don't want scanned, or should I just disable those jobs? -- Tim Gustafson t...@ucsc.edu 831-459-5354 Baskin Engineering, Room 313A ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Restricting Periodic Scripts
I have a FreeBSD ZFS file server with tens of millions of files stored on it. But, the daily periodic scripts like /etc/periodic/security/110.neggrpperm and /etc/periodic/weekly/310.locate take hours iterating through those folders, and I just don't need them to be scanned. I see that I can edit /etc/locate.rc to fix the behavior for /etc/periodic/weekly/310.locate but I don't see a way to exclude folders from other scripts like /etc/periodic/security/110.neggrpperm from scanning them. Is there any way to prune out folders that I don't want scanned, or should I just disable those jobs? Thanks to everyone who replied. I got some helpful suggestions from a few people, which all amounted to either disable the jobs or create your own custom version of those jobs. So for now, I'm just disabling them. I appreciate all the help. Thanks! -- Tim Gustafson t...@ucsc.edu 831-459-5354 Baskin Engineering, Room 313A ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: What Might Break getbostbyname() ?
On Thu, January 17, 2013 6:49 am, Dan Nelson wrote: First, check /etc/nsswitch.conf and verify that dns is listed on the hosts: line. Next, try disabling nscd (svcadm disable name-service-cache) , and then running truss ping www.google.com (make sure to reenable nscd when you're done debugging). You should see syscalls to open /etc/resolv.conf, read the contents, and then open a socket to the nameserver listed in that file. Dan and Robert - Thanks for your replies. It seems that someone removed DNS from the hosts line in nsswitch.conf and this is what was breaking ordinarily userland resolver calls. WHY they did this is unclear to me. I appreciate you folks taking the time here... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
OT: What Might Break getbostbyname() ?
This is not really a FreeBSD problem ... in fact, it's happening on a Solaris 10 machine. But because the TCP stack and its userland interface came from BSD, I am hoping some kind soul might have an insight into what's going on ... The machine in question does DNS lookups fine via dig or nslookup. I believe these connect directly to the DNS server(s) specified in /etc/resolv.conf. However, any program that uses gethostbyname() - like ping - fails and says it cannot resolve the name. I'm looking for hints here on why or how gethostbyname() and/or the network stack could get clobbered so as to not be able to talk to the DNS servers which I know are reachable via dig and nslookup. TIA, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: manpage - html
On 01/12/2013 06:24 PM, Fbsd8 wrote: Is there any command line command to convert a port's manpage to html? Well really any manpage. In the ports under: textproc/man2html -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Syncing Two Dirs With Rsync
I have used rsync for many years to make sure a destination machine:directory is kept up-to-date with some source master directory. I now need to find a way to keep two different machine:dirs in sync with each other. But for any given file, I don't know which of these is newer so I don't know which way to sync. For example given: machineA::/dir/foo machineB:/dir/foo machineA::/dir/bar machineB:/dir/bar Say the machineA has the newest foo, but machineB has the newest bar. At the end of syncing, I want both machines to have the latest copies of everything. I'm guessing there's a way to do this with rsync but I'm kind of stumped. Ideas? -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/18/2012 06:53 PM, John Hein wrote: Tim Daneliuk wrote at 17:48 -0600 on Dec 5, 2012: On 12/05/2012 05:44 PM, Kurt Buff wrote: On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk tun...@tundraware.com wrote: I am working with an institution that today provides limited privilege escalation on their servers via very specific sudo rules. The problem is that the administrators can do 'sudo su -'. snip sudo is misconfigured. man 5 sudoers and man 8 visudo Kurt I'm sorry Kurt, I'm sort of dense today, I'm not sure what you're saying. Are you suggesting that there is a way to configure sudo so that if someone does 'sudo su -' to become an admin, sudo can be made to log every command they execute thereafter? See log_input and log_output in sudoers(5) Thanks so much John, that's the secret sauce I was looking for... -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/18/2012 07:09 PM, Tim Daneliuk wrote: On 12/18/2012 06:53 PM, John Hein wrote: Tim Daneliuk wrote at 17:48 -0600 on Dec 5, 2012: On 12/05/2012 05:44 PM, Kurt Buff wrote: On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk tun...@tundraware.com wrote: I am working with an institution that today provides limited privilege escalation on their servers via very specific sudo rules. The problem is that the administrators can do 'sudo su -'. snip sudo is misconfigured. man 5 sudoers and man 8 visudo Kurt I'm sorry Kurt, I'm sort of dense today, I'm not sure what you're saying. Are you suggesting that there is a way to configure sudo so that if someone does 'sudo su -' to become an admin, sudo can be made to log every command they execute thereafter? See log_input and log_output in sudoers(5) Thanks so much John, that's the secret sauce I was looking for... One further question, if I may. If I do this: sudo su - Will log_input record everything I do once I've been promoted to root? I ask because my initial experiments seem to show that all that's getting recorded is the content of the sudo command itself, not the subsequent actions... -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/18/2012 07:33 PM, Devin Teske wrote: On Dec 18, 2012, at 5:18 PM, Tim Daneliuk wrote: One further question, if I may. If I do this: sudo su - Will log_input record everything I do once I've been promoted to root? I ask because my initial experiments seem to show that all that's getting recorded is the content of the sudo command itself, not the subsequent actions… Correct, sudo is blind to the actions performed once the command requested is executed (in this case, su and subsequently a shell followed by more actions). Actually, I just tried this with both log_input and log_output options enabled. It seems that it *can* see into the promoted shell with a few caveats: - Command output is logged immediately, but command inputs appear to only be written to the log when you exit the promoted shell. This may be not quite right - there may have not been enough input to cause a write flush to the log. - The logging seems to be able to see into a spawned subshell, but I don't think it can see input/output if you, say, kick off an xterm. I've suggested the lrexec module for catching everything, or you can look into the auditdistd (distributed auditing collection/collation to a remote/central server) approach, the praudit approach, or any of the other pieces of software mentions. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/18/2012 08:03 PM, Devin Teske wrote: On Dec 18, 2012, at 5:43 PM, Tim Daneliuk wrote: On 12/18/2012 07:33 PM, Devin Teske wrote: On Dec 18, 2012, at 5:18 PM, Tim Daneliuk wrote: One further question, if I may. If I do this: sudo su - Will log_input record everything I do once I've been promoted to root? I ask because my initial experiments seem to show that all that's getting recorded is the content of the sudo command itself, not the subsequent actions… Correct, sudo is blind to the actions performed once the command requested is executed (in this case, su and subsequently a shell followed by more actions). Actually, I just tried this with both log_input and log_output options enabled. It seems that it *can* see into the promoted shell with a few caveats: - Command output is logged immediately, but command inputs appear to only be written to the log when you exit the promoted shell. This may be not quite right - there may have not been enough input to cause a write flush to the log. - The logging seems to be able to see into a spawned subshell, but I don't think it can see input/output if you, say, kick off an xterm. What about if you do sudo vim and then type :sh ? Yep, I just tried that too. It catches that. It also catches the in/output of subshells - like, say, kicking off sh interactively. Similarly, if you're running text-based emacs, it catches the output of spawning to a shell from there and doing things. The only restriction I have run into so far, it that - for obvious reasons - sudo cannot see into what you're doing if you kick off an X application like xterm or graphical emacs, for instance. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/18/2012 08:20 PM, Tim Daneliuk wrote: On 12/18/2012 08:03 PM, Devin Teske wrote: On Dec 18, 2012, at 5:43 PM, Tim Daneliuk wrote: On 12/18/2012 07:33 PM, Devin Teske wrote: On Dec 18, 2012, at 5:18 PM, Tim Daneliuk wrote: One further question, if I may. If I do this: sudo su - Will log_input record everything I do once I've been promoted to root? I ask because my initial experiments seem to show that all that's getting recorded is the content of the sudo command itself, not the subsequent actions… Correct, sudo is blind to the actions performed once the command requested is executed (in this case, su and subsequently a shell followed by more actions). Actually, I just tried this with both log_input and log_output options enabled. It seems that it *can* see into the promoted shell with a few caveats: - Command output is logged immediately, but command inputs appear to only be written to the log when you exit the promoted shell. This may be not quite right - there may have not been enough input to cause a write flush to the log. - The logging seems to be able to see into a spawned subshell, but I don't think it can see input/output if you, say, kick off an xterm. What about if you do sudo vim and then type :sh ? Yep, I just tried that too. It catches that. It also catches the in/output of subshells - like, say, kicking off sh interactively. Similarly, if you're running text-based emacs, it catches the output of spawning to a shell from there and doing things. The only restriction I have run into so far, it that - for obvious reasons - sudo cannot see into what you're doing if you kick off an X application like xterm or graphical emacs, for instance. I should clarify that I tested this not on FreeBSD but on a Mint Linux desktop I had handy. I would expect the same behavior everywhere, though, since sudo itself is reasonably portable... 
-- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/18/2012 10:10 PM, Devin Teske wrote: On Dec 18, 2012, at 6:20 PM, Tim Daneliuk wrote: On 12/18/2012 08:03 PM, Devin Teske wrote: On Dec 18, 2012, at 5:43 PM, Tim Daneliuk wrote: On 12/18/2012 07:33 PM, Devin Teske wrote: On Dec 18, 2012, at 5:18 PM, Tim Daneliuk wrote: One further question, if I may. If I do this: sudo su - Will log_input record everything I do once I've been promoted to root? I ask because my initial experiments seem to show that all that's getting recorded is the content of the sudo command itself, not the subsequent actions… Correct, sudo is blind to the actions performed once the command requested is executed (in this case, su and subsequently a shell followed by more actions). Actually, I just tried this with both log_input and log_output options enabled. It seems that it *can* see into the promoted shell with a few caveats: - Command output is logged immediately, but command inputs appear to only be written to the log when you exit the promoted shell. This may be not quite right - there may have not been enough input to cause a write flush to the log. - The logging seems to be able to see into a spawned subshell, but I don't think it can see input/output if you, say, kick off an xterm. What about if you do sudo vim and then type :sh ? Yep, I just tried that too. It catches that. It also catches the in/output of subshells - like, say, kicking off sh interactively. Similarly, if you're running text-based emacs, it catches the output of spawning to a shell from there and doing things. The only restriction I have run into so far, it that - for obvious reasons - sudo cannot see into what you're doing if you kick off an X application like xterm or graphical emacs, for instance. What about screen or tmux? (wondering if the transition into multiplexed shell is anywhere as opaque as X11). It definitely works if you are in a screen session and sudo su - from there. 
I have not tried promoting myself to root and THEN starting the screen session (I don't use tmux). -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
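A policy check that follows from this thread (a root shell reached through sudo is only recorded when log_input and log_output are in effect), as an added example that is not code from any poster. The function names and the sample policy are constructed. The parsing is deliberately simplified: one rule per line, no alias or include handling, and a per-rule tag is treated as covering the whole rule.

```shell
#!/bin/sh
# Added example: report sudoers rules that grant a root shell (ALL, su, or a
# shell binary) while log_input / log_output are not both in effect.
# Simplified on purpose: one rule per line, no alias expansion, no include
# files, no line continuations, scoped Defaults (Defaults:user ...) ignored.

# sample_policy -> prints a constructed sudoers fragment used for the demo
sample_policy() {
    cat <<'EOF'
# constructed sample, not a real policy
Defaults env_reset
%dba    ALL=(root) /usr/local/bin/install_client
%wheel  ALL=(ALL) ALL
alice   ALL=(root) LOG_INPUT: LOG_OUTPUT: /usr/bin/su -
bob     ALL=(root) NOPASSWD: /usr/bin/su -
EOF
}

# audit_sudoers [FILE] -> one finding per line: LINE:COMMAND:log_input=N:log_output=N
audit_sudoers() {
    awk '
    function on(s, flag) {            # Defaults flag present and not negated with "!"
        return s ~ ("(^|[ \t,])" flag "([ \t,]|$)")
    }
    function tag(s, name) {           # command tag such as LOG_INPUT:
        return s ~ ("(^|[ \t:])" name ":")
    }
    BEGIN { gin = 0; gout = 0 }
    /^[ \t]*(#|$)/ { next }                               # comments and blank lines
    /^[ \t]*(User|Runas|Host|Cmnd)_Alias[ \t]/ { next }   # alias definitions
    /^[ \t]*Defaults[ \t]/ {                              # global Defaults only
        if (on($0, "log_input"))   gin = 1
        if (on($0, "!log_input"))  gin = 0
        if (on($0, "log_output"))  gout = 1
        if (on($0, "!log_output")) gout = 0
        next
    }
    /^[ \t]*Defaults/ { next }                            # scoped Defaults: ignored
    /=/ { rule[++n] = $0; line[n] = NR }                  # user specifications
    END {
        for (i = 1; i <= n; i++) {
            spec = rule[i]
            sub(/^[^=]*=/, "", spec)              # drop "user host="
            sub(/^[ \t]*\([^)]*\)/, "", spec)     # drop "(runas)"
            li = gin; lo = gout                   # Defaults first, then per-rule tags
            if (tag(spec, "LOG_INPUT"))    li = 1
            if (tag(spec, "NOLOG_INPUT"))  li = 0
            if (tag(spec, "LOG_OUTPUT"))   lo = 1
            if (tag(spec, "NOLOG_OUTPUT")) lo = 0
            gsub(/[A-Z_]+:/, "", spec)            # remove all tags
            m = split(spec, cmd, ",")
            for (j = 1; j <= m; j++) {
                c = cmd[j]
                gsub(/^[ \t]+|[ \t]+$/, "", c)
                split(c, w, /[ \t]+/)
                shell = (w[1] == "ALL" || w[1] ~ /\/(su|sh|bash|csh|tcsh|ksh|zsh)$/)
                if (shell && !(li && lo))
                    printf "%d:%s:log_input=%d:log_output=%d\n", line[i], w[1], li, lo
            }
        }
    }' "$@"
}

# Run against the constructed sample; pass a file name to audit_sudoers instead.
sample_policy | audit_sudoers
```

A finding means the session behind that rule would leave only the usual sudo log entry, with no replayable record of what was typed or displayed.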
Re: Mounting a samba share on boot?
On 12/11/2012 10:25 AM, Hanafi Syahroini wrote: This can be done with appropriate entries in /etc/fstab. However, I'd recommend against doing so because, if the SMB server is unreachable when the FreeBSD system boots, the FreeBSD box will hang looking for the SMB connection. A better way is to put a custom script in /usr/local/etc/rc.d/ that initiates the SMB mounts there. This too could fail, but it doesn't prevent the OS From booting fully. -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/06/2012 12:55 PM, n j wrote: On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk tun...@tundraware.com wrote: ... Well ... does auditd provide a record of every command issued within a script? I was under the impression (and I may well be wrong) that it noted only the name of the script being executed. Even if you configured auditd to record every command issued within a script, you'd still have a problem if a malicious user put the same commands inside a binary. As some people already pointed out, there is practically no way to control users once you give them root privileges. I understand this. Even the organization in question understands this. They are not trying to *prevent* any kind of access. All they're trying to do *log* it. Why? To meet some obscure compliance requirement they have to adhere to in order to remain in business. rant I know all of this is silly but that's our future when you let Our Fine Government regulate pretty much anything. /rant The only thing that would really solve your problem is probably something like http://www.balabit.com/network-security/scb/features (no personal experience with it, but seems it does what you need). -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: List all hard drives on system (with capacities)... How?
On 12/06/2012 05:30 PM, Ronald F. Guilmette wrote: I'd like to write a small program or shell script that simply lists all of the physical hard drives attached to the local system, along with their product identifiers and their respective capacities. The following simple script works well for both PATA/SATA and USB hard drives, but it does not list drive capacities: #!/bin/sh atacontrol list | grep ': ad[0-9]' | sed 's/^.*: //' camcontrol devlist | grep '(da[0-9]' | sed -E 's/^(.*) \((da[0-9]+).*$/\2 \1/' How can I modify the script above in order to get it to print out the respective drive capacities? Look into fdisk -s -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Somewhat OT: Is Full Command Logging Possible?
This is a little bit outside the strict boundaries of a FreeBSD question, but I am hoping someone in this community has solved this problem and that I might be able to adapt it for non-FreeBSD systems (AIX and Linux, specifically).

I am working with an institution that today provides limited privilege escalation on their servers via very specific sudo rules. The problem is that the administrators can do 'sudo su -'. The fact that they became root is logged, *but everything thereafter they do is not*.

What these people need is something that does the following things - this need not be sudo based, any FOSS or commercial solution would be considered:

- Log the fact that someone became effective root
- Log every command they execute *as* root
- If they run a script as root, log the individual actions of that script
- Have visibility into all this no matter how they access the system - console, ssh, xterm

Nothing I have found so far meets all these criteria. Verbose syslogging will not catch the case where you start a subshell from the main shell. Keylogging seems to only have limited coverage and it does not appear it would work if, say, I log in via ssh and then kick off an xterm. Other solutions fail if I start an editor and shell out from there.

The current proposal is to install sudo rules such that NO one is allowed 'sudo su -' and *every single command* you want to run as root has to start with 'sudo'. This has two big drawbacks:

- It's an enormous pain for the admins and fundamentally changes their workflow
- It cannot see into scripts. So I can circumvent it pretty easily with:

    sudo chown root:wheel my_naughty_script
    sudo chmod 700 my_naughty_script
    sudo ./my_naughty_script

  The sudo log will note that I ran the script, but not what it did.

So Gentle Geniuses, is there prior art here that could be applied to give me full coverage logging of every action taken by any person or thing running with effective or actual root?

P.S. I do not believe auditd does this either.

-- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/05/2012 05:42 PM, Damien Fleuriot wrote: On 6 Dec 2012, at 00:19, Tim Daneliuk tun...@tundraware.com wrote: sudo chown root:wheel my_naughty_script sudo chmod 700 my_naughty script sudo ./my_naughty_script The sudo log will note that I ran the script, but not what it did. wow, way to complicate matters. Hey, I didn't dream up this problem :) sudo csh So Gentle Geniuses, is there prior art here that could be applied to give me full coverage logging of every action taken by any person or thing running with effective or actual root? P.S. I do not believe Now would be a good time to start, then. Well ... does auditd provide a record of every command issued within a script? I was under the impression (and I may well be wrong) that it noted only the name of the script being executed. The only things you need to ensure are: - auditd cannot be killed off (this is an interesting bit actually, anyone knows how to do that ?) - the audit trail files can only be appended to ; man chflags An alternative would be lshell, however you'll have to whitelist commands people can execute. Remember that we want admins to be able to do *anything* but we just want to log what they do, in fact do. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT: Is Full Command Logging Possible?
On 12/05/2012 06:35 PM, Kurt Buff wrote:
> On Wed, Dec 5, 2012 at 3:48 PM, Tim Daneliuk tun...@tundraware.com wrote:
>> On 12/05/2012 05:44 PM, Kurt Buff wrote:
>>> On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk tun...@tundraware.com wrote:
>>>> I am working with an institution that today provides limited privilege escalation on their servers via very specific sudo rules. The problem is that the administrators can do 'sudo su -'.
>>>
>>> <snip>
>>>
>>> sudo is misconfigured.
>>>
>>> man 5 sudoers and man 8 visudo
>>>
>>> Kurt
>>
>> I'm sorry Kurt, I'm sort of dense today, I'm not sure what you're saying. Are you suggesting that there is a way to configure sudo so that if someone does 'sudo su -' to become an admin, sudo can be made to log every command they execute thereafter?
>
> No, I'm saying that sudo should not be configured to allow 'sudo su -'.
>
> Since you say that the users are provided limited privilege escalation on their servers via very specific sudo rules, it seems to me that one of three things is going wrong:
>
> o- Something is wrong with the configuration of sudoers if they can su to root when they shouldn't be able to do so
> o- Someone has misconceived what limited privilege escalation on their servers via very specific sudo rules actually means, and deliberately has it configured to allow users to su to root
> o- The users' accounts are already root equivalent, which, depending on the version and configuration of sudo, might give them the ability to sudo to root regardless of the contents of the sudoers file (see, for instance, the screen in FreeBSD when you perform 'cd /usr/ports/security/sudo' and then 'make config')
>
> Kurt

Oh, OK, I wasn't being clear:

- *Some* users are granted the ability to do sudo su -
  These are the sysadmins.

- All other users are given selective ability to run only a few things via sudo. This varies by department and is controlled through a combination of sudo rules and central LDAP group membership control.

This is necessary because, for example, some DBAs need this when installing a particular client.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: When Is The Ports Tree Going To Be Updated?
On 11/25/2012 11:17 PM, Warren Block wrote:
> On Sun, 25 Nov 2012, Matthew Seaman wrote:
>> On 25/11/2012 23:10, Tim Daneliuk wrote:
>>> After the recent security scare, I know the ports tree was temporarily frozen. Does anyone know when it will again be updated? I just upgraded to 9.1-PRE and need to rebuild Firefox Thunderbird against the new libraries and ... they're broken, marked as security hazards...
>>
>> It's been being updated normally since near enough a week ago. Normally means subject to the pre-9.1-RELEASE restrictions on sweeping changes as is usual at this point in a release cycle. FireFox 17 and Thunderbird 17 updates were committed to ports on 20th November.
>
> Hmm. Is the index file being rebuilt? With FF16 installed, and 17 in the port directory, portsdb -Fu portversion -vl'' shows nothing to update. After 'make index', it does show.

The problem was that I was missing the 'fetch' verb in my portsnap command.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: When Is The Ports Tree Going To Be Updated?
On 11/26/2012 01:30 AM, Matthew Seaman wrote:
> On 26/11/2012 00:59, Tim Daneliuk wrote:
>>> I use portsnap fetch update and it works...
>>
>> Ah, maybe that was the problem. That works for me as well.
>
> Ummm... how long have you been using portsnap? If you haven't been running 'portsnap fetch' or 'portsnap cron' then you won't have received any updates to your ports tree, ever. This is all explained quite clearly in the portsnap(8) man page.
>
> Cheers,
>
> Matthew

I just switched from csup last week and am still learning the ropes.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
When Is The Ports Tree Going To Be Updated?
After the recent security scare, I know the ports tree was temporarily frozen. Does anyone know when it will again be updated? I just upgraded to 9.1-PRE and need to rebuild Firefox Thunderbird against the new libraries and ... they're broken, marked as security hazards...

TIA,

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: When Is The Ports Tree Going To Be Updated?
On 11/25/2012 05:25 PM, Matthew Seaman wrote:
> On 25/11/2012 23:10, Tim Daneliuk wrote:
>> After the recent security scare, I know the ports tree was temporarily frozen. Does anyone know when it will again be updated? I just upgraded to 9.1-PRE and need to rebuild Firefox Thunderbird against the new libraries and ... they're broken, marked as security hazards...
>
> It's been being updated normally since near enough a week ago. Normally means subject to the pre-9.1-RELEASE restrictions on sweeping changes as is usual at this point in a release cycle. FireFox 17 and Thunderbird 17 updates were committed to ports on 20th November.
>
> Cheers,
>
> Matthew

Hmmm, something is amiss:

    [root] ~ portsnap update
    Ports tree is already up to date.
    [root] ~ cd /usr/ports/www/firefox
    [root] /usr/ports/www/firefox make
    === firefox-16.0.2,1 has known vulnerabilities:
    Affected package: firefox-16.0.2,1
    Type of problem: mozilla -- multiple vulnerabilities.
    Reference: http://portaudit.FreeBSD.org/d23119df-335d-11e2-b64c-c8600054b392.html
    = Please update your ports tree and try again.
    *** [check-vulnerable] Error code 1

    Stop in /usr1/ports/www/firefox.
    ** [build] Error code 1

    Stop in /usr1/ports/www/firefox.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: When Is The Ports Tree Going To Be Updated?
On 11/25/2012 06:56 PM, ajtiM wrote:
> On Sunday 25 November 2012 17:30:15 Tim Daneliuk wrote:
>> On 11/25/2012 05:25 PM, Matthew Seaman wrote:
>>> On 25/11/2012 23:10, Tim Daneliuk wrote:
>>>> After the recent security scare, I know the ports tree was temporarily frozen. Does anyone know when it will again be updated? I just upgraded to 9.1-PRE and need to rebuild Firefox Thunderbird against the new libraries and ... they're broken, marked as security hazards...
>>>
>>> It's been being updated normally since near enough a week ago. Normally means subject to the pre-9.1-RELEASE restrictions on sweeping changes as is usual at this point in a release cycle. FireFox 17 and Thunderbird 17 updates were committed to ports on 20th November.
>>>
>>> Cheers,
>>>
>>> Matthew
>>
>> Hmmm, something is amiss:
>>
>>     [root] ~ portsnap update
>>     Ports tree is already up to date.
>>     [root] ~ cd /usr/ports/www/firefox
>>     [root] /usr/ports/www/firefox make
>>     === firefox-16.0.2,1 has known vulnerabilities:
>>     Affected package: firefox-16.0.2,1
>>     Type of problem: mozilla -- multiple vulnerabilities.
>>     Reference: http://portaudit.FreeBSD.org/d23119df-335d-11e2-b64c-c8600054b392.html
>>     = Please update your ports tree and try again.
>>     *** [check-vulnerable] Error code 1
>>
>>     Stop in /usr1/ports/www/firefox.
>>     ** [build] Error code 1
>>
>>     Stop in /usr1/ports/www/firefox.
>
> I use portsnap fetch update and it works...

Ah, maybe that was the problem. That works for me as well.

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Is FreeBSD 9 Production Ready?
I am currently running FBSD 8.3-STABLE on a production server that provides http, dns, smtp, and so on for a small domain. This is not a high arrival rate environment but it does need to be rock solid (which FBSD 4-8 have been).

I am contemplating moving to the FBSD 9 family. Is this branch ready for production or should I wait a while yet? I ordinarily avoid x.0 releases of anything and I know 9.1 is soon going to be with us.

In a related note, if I do move to 9.x is it sufficient to grab the appropriate source tree and compile world and kernels, install and reboot? That is, it is reasonable to do an in-place upgrade. This is how I migrated 4-6, 6-7, and 7-8 and I am hoping this is still the case since a complete reinstall is painful and slow.

TIA,

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Is FreeBSD 9 Production Ready?
On 11/24/2012 11:19 AM, Lucas B. Cohen wrote:
> I wouldn't blindly trust and drop an operating system on production servers, no matter how good the feedback from outside my organization sounds.

In general, I'd agree with you. Certainly, that's been the case with Linux, AIX, and so on over the years. But I have had essentially no problems doing in-place major rev updates with FreeBSD thus far. The only breakage I am worried about now is whether the new compiler change breaks things that used to work just fine. For example, will my make.conf settings be properly observed by the new tool chain?

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
I Guess I Don't Understand NFS As Well As I Thought
Can someone kindly explain what is going on here:

Machine A: FreeBSD - was running 8, just upgraded to 9.1-PRE (I don't recall seeing the behavior described below in V8, but then, I don't think I ever tried it).

Machine B: Linux Mint Desktop

- Machine A acts as an NFS server for Machine B.

- Machine A exports a particular directory like this:

      /usr/foo -maproot=myid -network ...

- /usr/foo/bar is owned by root on Machine A and has files therein owned as root:root with permissions of 600.

- If I access /usr/foo/bar/file1 from Machine B, I cannot read it but - and this is the part I don't get - I CAN *rename* it.

What's going on? Since /foo/bar/ is owned by root and everything in it is 600 root:root, I would not expect a remote access to allow things like renaming. Clearly I am missing something here, but I don't get it.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: I Guess I Don't Understand NFS As Well As I Thought
On 11/24/2012 03:25 PM, Doug Hardie wrote:
> On 24 November 2012, at 12:32, Tim Daneliuk wrote:
>> Can someone kindly explain what is going on here:
>>
>> Machine A: FreeBSD - was running 8, just upgraded to 9.1-PRE (I don't recall seeing the behavior described below in V8, but then, I don't think I ever tried it).
>>
>> Machine B: Linux Mint Desktop
>>
>> - Machine A acts as an NFS server for Machine B.
>> - Machine A exports a particular directory like this: /usr/foo -maproot=myid -network ...
>> - /usr/foo/bar is owned by root on Machine A and has files therein owned as root:root with permissions of 600.
>> - If I access /usr/foo/bar/file1 from Machine B, I cannot read it but - and this is the part I don't get - I CAN *rename* it.
>>
>> What's going on? Since /foo/bar/ is owned by root and everything in it is 600 root:root, I would not expect a remote access to allow things like renaming. Clearly I am missing something here, but I don't get it.
>
> What are the permissions on the directory /usr/foo/bar?

775

Let me correct something. The files in that directory are owned by root:wheel (not root:root - I got my *nixes confused), but they definitely have 600 perms. On Machine A, user 'myid' is IN the wheel group but I still don't see how he's getting permission to rename the file.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Is FreeBSD 9 Production Ready?
On 11/24/2012 03:48 PM, Matthew Seaman wrote:
> It is not however sufficient to get you a completely upgraded system: you will still have to re-install all of your ports. Otherwise, as you end up trying to upgrade ports by ones and twos over time, you'll end up with a complete rat's nest of contradictory shared library dependencies and programs crashing left, right and centre.

So I am discovering. I moved the system to 9.1-PRE today with a source compile. After I then did a make remove-old, the system started complaining about missing libraries. So ... I temporarily fixed this with appropriate /etc/libmap.conf entries. I am now about to do a portupgrade -aARrvf to redo the ports. We'll see how that goes...

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: I Guess I Don't Understand NFS As Well As I Thought
On 11/24/2012 05:13 PM, Doug Hardie wrote:
> On 24 November 2012, at 14:37, Tim Daneliuk wrote:
>> On 11/24/2012 03:25 PM, Doug Hardie wrote:
>>> On 24 November 2012, at 12:32, Tim Daneliuk wrote:
>>>> Can someone kindly explain what is going on here:
>>>>
>>>> Machine A: FreeBSD - was running 8, just upgraded to 9.1-PRE (I don't recall seeing the behavior described below in V8, but then, I don't think I ever tried it).
>>>>
>>>> Machine B: Linux Mint Desktop
>>>>
>>>> - Machine A acts as an NFS server for Machine B.
>>>> - Machine A exports a particular directory like this: /usr/foo -maproot=myid -network ...
>>>> - /usr/foo/bar is owned by root on Machine A and has files therein owned as root:root with permissions of 600.
>>>> - If I access /usr/foo/bar/file1 from Machine B, I cannot read it but - and this is the part I don't get - I CAN *rename* it.
>>>>
>>>> What's going on? Since /foo/bar/ is owned by root and everything in it is 600 root:root, I would not expect a remote access to allow things like renaming. Clearly I am missing something here, but I don't get it.
>>>
>>> What are the permissions on the directory /usr/foo/bar?
>>
>> 775
>>
>> Let me correct something. The files in that directory are owned by root:wheel (not root:root - I got my *nixes confused), but they definitely have 600 perms. On Machine A, user 'myid' is IN the wheel group but I still don't see how he's getting permission to rename the file.
>
> Renaming a file does not change the file itself. It updates the directory. Any user in group wheel has the authority to write to the directory (e.g., change a file's name). The directory permissions are rwx for group wheel. You can either try a user on machine B who is not in group wheel or change the directory permissions to 755 on /usr/foo/bar. Then it would work as you expect.

D'oh ... of course that's it. Thanks.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
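Doug's explanation in the message above, as an added example that is not part of the thread: rename and delete are authorised by the write bit on the containing directory, so mode 600 on the files protects their contents but not their names. The function names and the sample tree below are constructed for illustration, and `-mindepth`/`-maxdepth` assume GNU or FreeBSD find.

```shell
#!/bin/sh
# Added example: find directories where a group or other member can rename
# or delete files they cannot read, as in the /usr/foo/bar case from the
# thread (directory 775, files 600).

# rename_exposed_dirs ROOT
# Directories under ROOT that are group- or other-writable without the
# sticky bit. With the sticky bit set, only the file's owner, the
# directory's owner or root may rename or remove an entry.
rename_exposed_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print
}

# audit_rename_exposure ROOT
# For each exposed directory, report regular files that neither group nor
# other can read: their contents are protected, their names are not.
audit_rename_exposure() {
    rename_exposed_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -mindepth 1 -maxdepth 1 -type f \
            ! -perm -040 ! -perm -004 -print |
        while IFS= read -r file; do
            printf '%s: renamable via %s\n' "$file" "$dir"
        done
    done
}

# make_sample_tree
# Constructed test data mirroring the layout described in the thread.
# Prints the path of the temporary root it created.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/foo/bar" "$root/foo/safe" "$root/foo/tmp"
    : > "$root/foo/bar/file1"
    : > "$root/foo/safe/file2"
    : > "$root/foo/tmp/file3"
    chmod 600 "$root/foo/bar/file1" "$root/foo/safe/file2" "$root/foo/tmp/file3"
    chmod 755 "$root/foo" "$root/foo/safe"   # the mode Doug suggests
    chmod 775 "$root/foo/bar"                # the mode reported in the thread
    chmod 1777 "$root/foo/tmp"               # world-writable but sticky
    printf '%s\n' "$root"
}

# Demo: only foo/bar/file1 is reported.
sample=$(make_sample_tree) && audit_rename_exposure "$sample/foo"
[ -n "$sample" ] && rm -rf "$sample"
```

On an NFS export the check belongs on the server, and the identity to reason about is the one the export maps the client to (here `-maproot=myid`, a member of wheel).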
Re: Is FreeBSD 9 Production Ready?
On 11/24/2012 05:58 PM, Erich Dollansky wrote:
> Hi,
>
> On Sat, 24 Nov 2012 10:38:35 -0600 Tim Daneliuk tun...@tundraware.com wrote:
>> I am currently running FBSD 8.3-STABLE on a production server that provides http, dns, smtp, and so on for a small domain. This is not a high arrival rate environment but it does need to be rock solid (which FBSD 4-8 have been).
>
> why would you like to break a running system?

That's exactly what I don't want to do.

>> I am contemplating moving to the FBSD 9 family. Is this branch ready
>
> I would stay with 8.x until the end of its support and move only then to a new branch. It could be then 9.x or 10.y. I would then - but only then - prefer the 10.y branch. I retired my 7.4 only because of lightning strike this spring. Robustness is my main goal here. Any change which brings only the risk is avoided.

I used to take this approach. However, I discovered the pain of fixing a configuration that jumped several major releases was way higher than tracking them each as they became stable. I did the 9.1-PRE upgrade today and - once the new system was compiled and ready to be installed - had only very minor conversion issues.

In my case, the most painful part of conversion is the mail infrastructure. The server in question is the domain's mail server and it has a LOT of moving parts with custom configurations: sendmail, greylisting, mailscanner, spam assassin, mailman, SASL ... That is pretty much always what breaks. Doing smaller leaps tends to make this more tractable to control.

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Is FreeBSD 9 Production Ready?
On 11/24/2012 06:16 PM, Shane Ambler wrote:
> On 25/11/2012 04:06, Tim Daneliuk wrote:
>> But I have had essentially no problems doing in-place major rev updates with FreeBSD thus far. The only breakage I am worried about now is whether the new compiler change breaks things that used to work just fine. For example, will my make.conf settings be properly observed by the new tool chain?
>
> If you want to build with clang wait for 9.1
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=threads/165173

I plan to stay conservative and only switch to clang when it is THE way to build everything. i.e., When GCC is finally retired for use in the base OS.

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Somewhat OT: Using Pipes Inside a GNU Make File
On 09/05/2012 09:15 PM, Warren Block wrote:
> On Wed, 5 Sep 2012, Tim Daneliuk wrote:
>> On 09/05/2012 07:24 PM, Bryan Drewery wrote:
>>> On 9/5/2012 7:02 PM, Tim Daneliuk wrote:
>>>> A bit off topic, but I'm kind of stuck. I am using gmake and want to do something like this:
>>>>
>>>>     FOO := $(shell a | b | c)
>>>>
>>>> But this appears not to work. Only the 'a' command is executed. The remainder of the pipeline is ignored. Is there some clean way to implement this kind of thing?
>>>
>>> I use this in a GNUMakefile and it works fine.
>>>
>>>     BRANCH := $(shell git branch --no-color | grep ^* | sed -e 's/^\* //')
>>>
>>> You may need to post a more specific example.
>>>
>>> Bryan
>>
>> Here's the line that is failing:
>>
>>     2LATEX = $(shell which rst2latex.py rst2latex | tr '\012' ' ' | awk '{print $1}') --stylesheet=parskip
>
> Bryan's example is using := for assignment.

That wasn't it, as it turned out. The problem was in the awk statement. Instead of:

    awk '{print $1}'

I had to use:

    awk '{print $$1}'

This is necessary because $1 is a *make* variable but $$1 is the awk variable I wanted ($1)

D'uh

---
Tim Daneliuk
Somewhat OT: Using Pipes Inside a GNU Make File
A bit off topic, but I'm kind of stuck. I am using gmake and want to do something like this:

    FOO := $(shell a | b | c)

But this appears not to work. Only the 'a' command is executed. The remainder of the pipeline is ignored. Is there some clean way to implement this kind of thing?

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Somewhat OT: Using Pipes Inside a GNU Make File
On 09/05/2012 07:24 PM, Bryan Drewery wrote:
> On 9/5/2012 7:02 PM, Tim Daneliuk wrote:
>> A bit off topic, but I'm kind of stuck. I am using gmake and want to do something like this:
>>
>>     FOO := $(shell a | b | c)
>>
>> But this appears not to work. Only the 'a' command is executed. The remainder of the pipeline is ignored. Is there some clean way to implement this kind of thing?
>
> I use this in a GNUMakefile and it works fine.
>
>     BRANCH := $(shell git branch --no-color | grep ^* | sed -e 's/^\* //')
>
> You may need to post a more specific example.
>
> Bryan

Here's the line that is failing:

    2LATEX = $(shell which rst2latex.py rst2latex | tr '\012' ' ' | awk '{print $1}') --stylesheet=parskip

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Tangental And OT: Commercial Support For 'sudo'
Please forgive the OTishness of this, but I'm hoping some of my fellows in the large data center space may have a hint or two here ...

I am working with a firm that needs to run sudo in a variety of OS environments. A few of these - notably IBM AIX - do not provide vendor support and legal indemnification of many open source packages, sudo among them. This is officially a Big Deal (tm) for this company.

So ... does anyone know of a commercial concern that provides sudo support and legal indemnification? GratiSoft - the keeper of sudo - were apparently going to do this at one point but decided not to.

TIA,

Now back to your regularly scheduled discussion of the World's Finest OS...

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Best file system for a busy webserver
On 08/16/2012 01:16 PM, Paul Schmehl wrote:
> Paul Schmehl pschmehl_li...@tx.rr.com wrote:
>> Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is any one system noticeably better than any other?

With only 15G of data, I'd recommend a pair of 60G SSD drives like the OCZ Vertex IIIs (About $1/G these days) wired into a *hardware* RAID controller setup to mirror them. This gives you blazing speed and reliability. If you want to add another drive, you can make it RAID 5 which - with the right cabinet and mounting hardware - would give you hotswap capability.

I know people are fond of software RAID but I personally do not consider this a very high reliability technology unless you're running true datacenter class hardware with redundant everything (disk, NIC, fiber ...) and that's probably overkill in this case.

Good RAID controllers are available from a number of manufacturers. I dunno if FreeBSD supports them, but Rocket has a good reputation (though I've never used them) as do both Adaptec and LSI. In any case, a controller plus 3 drives would probably only set you back in the $500-ish area which seems like a reasonable price point.

Furthermore, depending on the amount of stuff that you're serving that is static vs. dynamic, you may get benefit from increasing memory (thereby increasing the likelihood of a cache hit) and increasing the minimum/threshold values for the number of httpd processes running all the time.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
32 bit to 64 bit
I'm upgrading a 7.3 -STABLE installation to 8.x, then 9- Stable over the next few days. The hardware is a Dell 2950 that is capable of running 64 bit FreeBSD. The original installation was i386 32 bit and that is what it is running now.

Will the buildworld --- buildkernel KERNCONF=FOO64 allow a 32 bit installation to build a 64 bit kernel? I'd like to upgrade this machine to 64 bit AMD and I'd prefer not to do it from a DVD if I can do it from source.

Has anyone tried this and succeeded (or failed spectacularly) on a remote install/upgrade?

Tim Kellers
Re: shell scripting: grepping multiple patterns, logically ANDed
On 06/27/2012 10:25 AM, Tim Daneliuk wrote:
> On 06/27/2012 09:25 AM, Aleksandr Miroslav wrote:
>> hello,
>>
>> I'm not sure if this is the right forum for this question, but here goes. I have the following in a shell script:
>>
>>     #!/bin/sh
>>
>>     if [ $# -eq 0 ]; then
>>         find /foo
>>     fi
>>
>>     if [ $# -eq 1 ]; then
>>         find /foo | grep -i $1
>>     fi
>>
>>     if [ $# -eq 2 ]; then
>>         find /foo | grep -i $1 | grep -i $2
>>     fi
>>
>>     if [ $# -eq 3 ]; then
>>         find /foo | grep -i $1 | grep -i $2 | grep -i $3
>>     fi
>>
>> Is there an easier/shorter way to do this? If there are 15 arguments supplied on the command line, I don't necessarily want to build 15 if statements.
>>
>> Thanks in advance for your answers.
>
> The following solution relies on the fact that you can include multiple patterns for grep to match with the '-e' argument:
>
>     #!/bin/sh
>     PATTERNS=`echo " $*" | sed s/\ /\ -e\ /g`
>     find /foo | grep $PATTERNS
>
> Notice that when constructing the $PATTERNS string out of the command line args, you have to quote them with a prepended space character. That's because the subsequent 'sed' substitution needs to find a space *before* each argument which it then replaces with " -e ".

Whoops, I just realized that I ORed them and you want them ANDed. Hmmm ... must go think on that...
Re: shell scripting: grepping multiple patterns, logically ANDed
On 06/27/2012 09:25 AM, Aleksandr Miroslav wrote:
> hello,
>
> I'm not sure if this is the right forum for this question, but here goes. I have the following in a shell script:
>
>     #!/bin/sh
>
>     if [ $# -eq 0 ]; then
>         find /foo
>     fi
>
>     if [ $# -eq 1 ]; then
>         find /foo | grep -i $1
>     fi
>
>     if [ $# -eq 2 ]; then
>         find /foo | grep -i $1 | grep -i $2
>     fi
>
>     if [ $# -eq 3 ]; then
>         find /foo | grep -i $1 | grep -i $2 | grep -i $3
>     fi
>
> Is there an easier/shorter way to do this? If there are 15 arguments supplied on the command line, I don't necessarily want to build 15 if statements.
>
> Thanks in advance for your answers.

The following solution relies on the fact that you can include multiple patterns for grep to match with the '-e' argument:

    #!/bin/sh
    PATTERNS=`echo " $*" | sed s/\ /\ -e\ /g`
    find /foo | grep $PATTERNS

Notice that when constructing the $PATTERNS string out of the command line args, you have to quote them with a prepended space character. That's because the subsequent 'sed' substitution needs to find a space *before* each argument which it then replaces with " -e ".

---
Tim Daneliuk
Re: shell scripting: grepping multiple patterns, logically ANDed
On 06/27/2012 10:33 AM, Tim Daneliuk wrote:
> On 06/27/2012 10:25 AM, Tim Daneliuk wrote:
>> On 06/27/2012 09:25 AM, Aleksandr Miroslav wrote:
>>> hello,
>>>
>>> I'm not sure if this is the right forum for this question, but here goes. I have the following in a shell script:
>>>
>>>     #!/bin/sh
>>>
>>>     if [ $# -eq 0 ]; then
>>>         find /foo
>>>     fi
>>>
>>>     if [ $# -eq 1 ]; then
>>>         find /foo | grep -i $1
>>>     fi
>>>
>>>     if [ $# -eq 2 ]; then
>>>         find /foo | grep -i $1 | grep -i $2
>>>     fi
>>>
>>>     if [ $# -eq 3 ]; then
>>>         find /foo | grep -i $1 | grep -i $2 | grep -i $3
>>>     fi
>>>
>>> Is there an easier/shorter way to do this? If there are 15 arguments supplied on the command line, I don't necessarily want to build 15 if statements.
>>>
>>> Thanks in advance for your answers.
>>
>> The following solution relies on the fact that you can include multiple patterns for grep to match with the '-e' argument:
>>
>>     #!/bin/sh
>>     PATTERNS=`echo " $*" | sed s/\ /\ -e\ /g`
>>     find /foo | grep $PATTERNS
>>
>> Notice that when constructing the $PATTERNS string out of the command line args, you have to quote them with a prepended space character. That's because the subsequent 'sed' substitution needs to find a space *before* each argument which it then replaces with " -e ".
>
> Whoops, I just realized that I ORed them and you want them ANDed. Hmmm ... must go think on that...

OK, here is an ANDing version:

    #!/bin/sh
    PATMATCH=`echo " $*" | sed s/' '/' | grep '/g`
    eval find ./ $PATMATCH

--
---
Tim Daneliuk
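The ANDing script in the message above builds a command string from its arguments and hands it to eval, so a search term that contains shell syntax (`;`, `|`, backticks) becomes part of the command line instead of being searched for. An added example, not from the thread, that chains one grep per argument without eval; the names `and_filter` and `find_and` and the sample file names are constructed.

```shell
#!/bin/sh
# Added example: AND together any number of grep patterns without eval.

# and_filter PATTERN...
# Reads lines on stdin and prints those that match every PATTERN
# (case-insensitive regular expressions, as in the original script).
# With no patterns, input is passed through unchanged.
and_filter() {
    if [ "$#" -eq 0 ]; then
        cat
    else
        # -e keeps a pattern that begins with '-' from being read as an
        # option; quoting "$1" keeps spaces and metacharacters as data.
        grep -i -e "$1" | { shift; and_filter "$@"; }
    fi
}

# find_and DIR PATTERN...
# Lists paths under DIR whose names match all PATTERNs.
find_and() {
    dir=$1
    shift
    find "$dir" -print | and_filter "$@"
}

# Demo on constructed input: prints ./alpha-beta.txt and ./Beta-ALPHA.log.
printf '%s\n' ./alpha-beta.txt ./alpha.txt ./Beta-ALPHA.log './notes; id.txt' |
    and_filter alpha beta
```

Each argument reaches grep as a single word, so the number of patterns is limited only by the argument list and no argument is ever parsed by the shell a second time.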
[ANN] tperimeter 1.113 Released And Available
'tperimeter' Version 1.113 is released and available at:

    http://www.tundraware.com/Software/tperimeter/

The last public release was 1.112

What's New
----------

Changed the wrapper file rebuild logic to delete outstanding access requests independently of how often the script is run (either by cron, or manually). This means that the 'cron' frequency now determines the average waiting time before a user's request is fulfilled. The '${DURATION}' variable in 'rebuild-hosts.allow.sh' sets how long access will be permitted (The default value is 10 minutes).

Minor documentation updates, typo fixes, and housekeeping.

What Is 'tperimeter'?
---------------------

Have you ever been away from the office and needed, say, ssh access to your system? Ooops - you can't do that because in your zealous pursuit of security, you set your TCP wrappers to prevent outside access to all but a select group of hosts. Worse still, everywhere you go, your local IP address changes so there is no practical way to open up the wrappers for this situation.

'tperimeter' is a dynamic TCP wrapper control system that gives you (limited) remote control of your TCP wrapper configuration. It does this via a web interface that you've (hopefully) secured with https/SSL. You just log in, specify your current IP address and one of the services you want to access. 'tperimeter' will then briefly open a hole in your wrappers long enough to let you in. It then automatically closes the hole again. Voila! Remote access to your system, wherever you are. You get much of the facility of a VPN or so-called port knocking without most of the aggravation.

As a side benefit, 'tperimeter' will also simplify management of your standard /etc/hosts.allow TCP wrapper control file.

'tperimeter' is written in python, shell script, and html. It is very small and easy to maintain. It was developed and tested on FreeBSD 4.x/8.x, and apache 1.x/2.x, but should run with very minor (or no) modification on most Unix-like systems like Linux or Mac OS X hosts.

It comes complete with documentation in html, pdf, dvi, and Postscript formats. There is no licensing fee for any use, personal, commercial, government, or institutional.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Somewhat OT - A Makefile Question
On 06/07/2012 12:19 AM, Parv wrote:
> in message 4fcf48af@tundraware.com, wrote Tim Daneliuk thusly...
>> ...
>> Within a makefile, I need to assign the name of a program as in: FOO = bar. The problem is that 'bar' may also be known as, say, bar.sh.
>> ...
>> Is there a simple way to determine which form bar or bar.sh is on a given system *at the time the make is run*? If both exist, I will pick one arbitrarily,
>> ...
>> For example I don't think this works when both are there: FOO = $(shell `which bar bar.sh)
>
> Modify the subshell command to ...
>
>     which bar bar.sh | head -n 1
>
> ... as in (for FreeBSD make) ...
>
>     shell=`which zsh sh tcsh csh 2>/dev/null | fgrep -v 'not found' | head -n 3`
>     all:
>         @printf "%s\n" ${shell}
>
> - parv

Thanks. I came up with something similar, but I think your recipe is a bit more elegant ...

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Somewhat OT - A Makefile Question
Not strictly FBSD, but ...

Within a makefile, I need to assign the name of a program as in: FOO = bar. The problem is that 'bar' may also be known as, say, bar.sh. Worse still both bar and bar.sh can exist with one linked to the other.

Is there a simple way to determine which form bar or bar.sh is on a given system *at the time the make is run*? If both exist, I will pick one arbitrarily, I just don't want the detection mechanism to fail when this is the case.

For example I don't think this works when both are there: FOO = $(shell `which bar bar.sh)

Thanks,

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Possible /bin/sh Bug?
Given this script:

    #!/bin/sh
    foo=
    while read line
    do
        foo="$foo -e"
    done
    echo $foo

Say I respond 3 times, I'd expect to see:

    -e -e -e

Instead, I get:

    -e -e

Linux appears to do the right thing here, so this seems like it is a bug ... or am I missing something?

--
Tim Daneliuk
Re: Possible /bin/sh Bug?
On 06/05/2012 11:35 AM, Dan Nelson wrote:
> In the last episode (Jun 05), Tim Daneliuk said:
>> Given this script:
>>
>>     #!/bin/sh
>>     foo=
>>     while read line
>>     do
>>         foo="$foo -e"
>>     done
>>     echo $foo
>>
>> Say I respond 3 times, I'd expect to see:
>>
>>     -e -e -e
>>
>> Instead, I get:
>>
>>     -e -e
>>
>> Linux appears to do the right thing here, so this seems like it is a bug ... or am I missing something?
>
> echo takes a -e flag, so it eats the first one. Bash does the same thing, so any Linux that uses bash as /bin/sh will also. You must be testing on a Linux that uses something else as /bin/sh. Better to use the printf command if you are worried about compatibility.
>
>     echo [-e | -n] [string ...]
>         Print a space-separated list of the arguments to the standard output and append a newline character.
>
>         -n  Suppress the output of the trailing newline.
>
>         -e  Process C-style backslash escape sequences. The echo command understands the following character escapes:

Ah, OK, that makes sense, thanks...

--
Tim Daneliuk
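The echo behaviour explained in this reply, as an added example that is not part of either poster's message: the loop from the thread with its output done through printf, plus a check for whether the running shell's echo alters a given argument list. The function names collect_flags, print_args and echo_is_lossy are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: why echo loses option-like data and how printf avoids it.
# All function names here are made up for this illustration.

# Append one " -e" per input line, like the loop in the thread, and write
# the result with printf so that nothing is interpreted as an option.
collect_flags() {
    flags=
    while read -r _line
    do
        flags="$flags -e"
    done
    printf '%s\n' "${flags# }"
}

# Print all arguments joined by single spaces. The format string is fixed,
# so "-e", "-n" and backslashes in the data are passed through untouched.
print_args() {
    printf '%s\n' "$*"
}

# Return 0 if this shell's echo changes the given words, 1 if it prints
# them unchanged. The answer differs between shells, which is the point.
echo_is_lossy() {
    want=$(print_args "$@")
    got=$(echo "$@")
    [ "$got" != "$want" ]
}

# Constructed sample input: three lines, as if the user answered 3 times.
sample=$(printf 'one\ntwo\nthree\n' | collect_flags)

for words in "$sample" "-n" 'a\tb' "hello world"
do
    # Unquoted on purpose: split into separate words as "echo $foo" does.
    if echo_is_lossy $words
    then
        printf 'echo mangles: %s\n' "$words"
    else
        printf 'echo keeps:   %s\n' "$words"
    fi
done
```

Run it under each /bin/sh you care about; only the echo lines change from shell to shell, the printf results do not.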
Somewhat OT: CVS Question
Forgive the OT nature of this, but FBSD tends to be a big CVS user, so I am hoping someone has an answer for this. Feel free to reply privately if you do not wish to inflict your answer upon the whole list...

Is there a way to checkout a project from a CVS repo *into the current directory*? If I do this:

    cvs co -d . foo

Or this:

    cvs co -d ./ foo

I get this:

    cvs checkout: existing repository /usr/cvs/... does not match /usr/cvs/.../foo
    cvs checkout: ignoring module waccess

Ideas?

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
eliminate character with sed
Hello list,

I have a few php config files that have the windows delimiter character in them ('^M') that I would like to get rid of. I'm trying to use sed to do it, and for some reason I am not having any luck.

Here's the line that I'm trying to use:

    #sed -i '.bak' 's/^M//g' config.php

However when I have a look at the backup file that's been created with this command, it looks like there was no effect:

    <?php ^M/* Global Variables */^Mif(!defined('DS'))^M define('DS',DIRECTORY_SEPARATOR);^M^M if(!defined(_MAINSITEPATH_))^M define(_MAINSITEPATH_,dirname(__FILE__).DS);^M

I was wondering if someone had a tip on how to run this command effectively in this situation.

Thanks!
tim

--
GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Re: User can't login but /etc/(master.)passwd OK
On 05/09/12 12:02, Brian wrote:
> On 5/9/2012 8:08 AM, Michael Sierchio wrote:
>> On Wed, May 9, 2012 at 8:03 AM, Robert Bonomi <bon...@mail.r-bonomi.com> wrote:
>>> Details are *IMPORTANT* <grin>
>>
>> What's the user's shell in the password file, and does that shell: exist? executable? In the /etc/shells file?
>
> The OP probably ought to look at /var/log files as well to see if anything is revealed there. Access can be denied for reasons other than passwords.
>
> BW

And a su -l [thatuser] as root would probably spit out some handy console messages right away.

Tim
Re: editor that understands CTRL/B, CTRL/I, CTRL/U
On 04/24/2012 12:50 PM, Anton Shterenlikht wrote:
> My daughter is doing a touch typing course that presumes MS Word. So far she was fine with pico, but now they want the kids to practice CTRL/B (bold), CTRL/I (italic), CTRL/U (underline). She really needs to use these particular combinations because that is how the on-line assessment tool is set out.
>
> I use nothing but vi, so have no clue which, if any, editor from ports/editors will have these particular combinations implemented. Please recommend one, preferably as simple and as small as possible.
>
> Thanks

I am not certain, but I think it is possible to create your own keyboard maps in both joe and vim...

--
Tim Daneliuk
Cron Problems
I've recently installed a FreeBSD 9.0 jail server, and inside each of my jails I am getting the following errors in my log about every 5 minutes:

    cron[7635]: NSSWITCH(_nsdispatch): ldap, group, setgrent, not found, and no fallback provided
    cron[7635]: NSSWITCH(_nsdispatch): ldap, group, getgrent_r, not found, and no fallback provided
    cron[7635]: NSSWITCH(_nsdispatch): ldap, group, endgrent, not found, and no fallback provided
    cron[7635]: NSSWITCH(_nsdispatch): ldap, passwd, endpwent, not found, and no fallback provided
    /usr/sbin/cron[7673]: (CRON) WARNING (madvise() failed)

I'm using nss_ldap and pam_ldap on these systems, so I suspect an error in my /etc/pam.d configuration or my nsswitch.conf configuration. I've added some configuration to /etc/pam.d/sshd and /etc/pam.d/other but have left the other files unmolested.

Now, this seems like an nsswitch problem, but my nsswitch.conf is fairly straightforward:

    group: files ldap
    hosts: files dns
    networks: files
    passwd: files ldap
    shells: files
    services: files
    protocols: files
    rpc: files

I'm able to get user ID information without a problem using id or finger. Authentication is working. LDAP groups are working. Pretty much everything seems like it ought to work, except for those error messages.

I don't think this is a PAM issue, but just in case, here's my /etc/pam.d/sshd:

    auth      sufficient  /usr/local/lib/pam_ldap.so
    auth      required    pam_unix.so
    account   required    pam_nologin.so
    account   required    pam_login_access.so
    account   required    pam_unix.so
    session   required    pam_permit.so
    password  required    pam_unix.so no_warn try_first_pass

And here is /etc/pam.d/other:

    auth      sufficient  /usr/local/lib/pam_ldap.so
    auth      required    pam_unix.so no_warn try_first_pass
    account   required    pam_nologin.so
    account   required    pam_login_access.so
    account   required    pam_unix.so
    session   required    pam_permit.so
    password  required    pam_permit.so

I note that there is an /etc/pam.d/cron but it's not clear to me what I might add to this file, as it is quite different than the others:

    account   required    pam_nologin.so
    account   required    pam_unix.so

So, what am I missing?

--
Tim Gustafson t...@tgustafson.com
http://tgustafson.com/
modem
Well, I checked the log for ppp, nothing I could see. There's not much as I still can't send the modem an AT, so...

--- On Tue, 3/4/12, tim smith <timsmi...@yahoo.com> wrote:

> From: tim smith <timsmi...@yahoo.com>
> Subject: modem
> To: freebsd-questions@freebsd.org
> Date: Tuesday, 3 April, 2012, 8:49 AM
>
> My us robotics serial modem worked without issue on previous freebsd versions. With 9, user ppp term, I get
>
>     /dev/cuau0/ device failed to open
>
> Suggestions?
>
> Tim
Re: fxp0 Link Going Up And Down
On 04/02/2012 03:52 PM, Mike Tancsa wrote:
> On 4/1/2012 4:21 PM, Tim Daneliuk wrote:
>> I am seeing this intermittently:
>>
>>     Apr 1 14:48:36 host kernel: fxp0: link state changed to DOWN
>>     Apr 1 14:52:27 host kernel: fxp0: link state changed to UP
>
> There were some fixes to the fxp driver on ~ March 26th that fixed the NIC bouncing up and down when it went into promisc mode. But those bounces were very short lived (a few seconds to transition). Your up/down events are minutes. Perhaps the cable modem is going into some sort of sleep mode? Or perhaps just a hardware issue. If you can,

I don't think so. The modem has a built in hub and I am not observing this problem on other devices plugged in there.

> try and put a simple hub or switch between the cable modem and your NIC and see if you still get bounces. Also, there are many variants of fxp hardware. Post the output of
>
>     egrep -i "fxp|phy" /var/run/dmesg.boot

    fxp0: Intel Pro/100 946GZ (ICH7) Network Connection port 0x1100-0x113f mem 0x9004-0x90040fff irq 20 at device 8.0 on pci4
    miibus0: MII bus on fxp0
    ukphy0: Generic IEEE 802.3u media interface PHY 1 on miibus0
    ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
    fxp0: Ethernet address: ...
    fxp0: [ITHREAD]

> and
>
>     sysctl -a dev.fxp

    dev.fxp.0.%desc: Intel Pro/100 946GZ (ICH7) Network Connection
    dev.fxp.0.%driver: fxp
    dev.fxp.0.%location: slot=8 function=0
    dev.fxp.0.%pnpinfo: vendor=0x8086 device=0x1094 subvendor=0x8086 subdevice=0x0001 class=0x02
    dev.fxp.0.%parent: pci4
    dev.fxp.0.int_delay: 1000
    dev.fxp.0.bundle_max: 6
    dev.fxp.0.rnr: 0
    dev.fxp.0.stats.rx.good_frames: 2004295
    dev.fxp.0.stats.rx.crc_errors: 0
    dev.fxp.0.stats.rx.alignment_errors: 0
    dev.fxp.0.stats.rx.rnr_errors: 0
    dev.fxp.0.stats.rx.overrun_errors: 0
    dev.fxp.0.stats.rx.cdt_errors: 0
    dev.fxp.0.stats.rx.shortframes: 0
    dev.fxp.0.stats.rx.pause: 0
    dev.fxp.0.stats.rx.controls: 0
    dev.fxp.0.stats.rx.tco: 0
    dev.fxp.0.stats.tx.good_frames: 1701132
    dev.fxp.0.stats.tx.maxcols: 0
    dev.fxp.0.stats.tx.latecols: 0
    dev.fxp.0.stats.tx.underruns: 0
    dev.fxp.0.stats.tx.lostcrs: 0
    dev.fxp.0.stats.tx.deffered: 0
    dev.fxp.0.stats.tx.single_collisions: 0
    dev.fxp.0.stats.tx.multiple_collisions: 0
    dev.fxp.0.stats.tx.total_collisions: 0
    dev.fxp.0.stats.tx.pause: 0
    dev.fxp.0.stats.tx.tco: 0

Thanks for taking time to look into this...

> ---Mike
>
>> This is observed both on some 8.2-STABLE and 8.3-PRERELEASE versions on the same server. I have replaced the ethernet cable as well as the device on the other end (a cable internet box), but the problem intermittently persists. It appears not to be a mechanical issue insofar as I can wiggle the cable at each end and not introduce this problem.
>>
>> fxp0 in this case is the on-board NIC of an Intel mobo.
>>
>> Ideas anyone?
>>
>> Tim Daneliuk tun...@tundraware.com
>> PGP Key: http://www.tundraware.com/PGP/

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
modem
My us robotics serial modem worked without issue on previous freebsd versions. With 9, user ppp term, I get

    /dev/cuau0/ device failed to open

Suggestions?

Tim
fxp0 Link Going Up And Down
I am seeing this intermittently:

    Apr 1 14:48:36 host kernel: fxp0: link state changed to DOWN
    Apr 1 14:52:27 host kernel: fxp0: link state changed to UP

This is observed both on some 8.2-STABLE and 8.3-PRERELEASE versions on the same server. I have replaced the ethernet cable as well as the device on the other end (a cable internet box), but the problem intermittently persists. It appears not to be a mechanical issue insofar as I can wiggle the cable at each end and not introduce this problem.

fxp0 in this case is the on-board NIC of an Intel mobo.

Ideas anyone?

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Editor With NO Shell Access?
On 03/13/2012 01:39 AM, Joshua Isom wrote:
> On 3/12/2012 5:23 PM, Polytropon wrote:
>> On Mon, 12 Mar 2012 15:19:51 -0700, Edward M. wrote:
>>> On 03/12/2012 03:10 PM, Polytropon wrote:
>>>> /etc/shells to work, but a passwd entry like
>>>>
>>>>     bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe
>>>
>>> I think this would not let the user to login, etc
>>
>> I'm not sure... I assume logging in is handled by /usr/bin/login, and control is then (i. e. after successful login) transferred to the login shell, which is the program specified in the shell field (see man 5 passwd) of /etc/passwd. How is login supposed to know if the program specified in this field is actually a dialog shell?
>>
>> From man 1 login I read that many shells have a built-in login command, but /usr/bin/login is the system's default binary for this purpose if the "shell" (quotes deserved if it is an editor as shown in my assumption) has no capability of performing a login.
>
> Are they logging in from the console or from ssh? If it's from a console, I'd send them directly into a jail with limited file system access, so that executables don't matter. If it's from ssh, I'd do the same thing. Assume they can break out of the editor or that something will happen. Make it minimalist about what they can do. Use the /rescue/vi in an empty jail with the files available. Don't think about changing editors, change the system.

That's a really good idea, but we're talking about almost 1000 systems here. That's a whole bunch of configuration...

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Editor With NO Shell Access?
I have a situation where I need to provide people with the ability to edit files. However, under no circumstances do I want them to be able to exit to the shell. The client in question has strong (and unyielding) InfoSec requirements in this regard.

So ... are there editors without this feature? Can I compile something like joe or vi to inhibit this feature?

TIA,

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Editor With NO Shell Access?
On 03/12/2012 03:13 PM, Thomas Dickey wrote:
> On Mon, Mar 12, 2012 at 02:19:06PM -0500, Tim Daneliuk wrote:
>> I have a situation where I need to provide people with the ability to edit files. However, under no circumstances do I want them to be able to exit to the shell. The client in question has strong (and unyielding) InfoSec requirements in this regard.
>>
>> So ... are there editors without this feature? Can I compile something like joe or vi to inhibit this feature?
>
> man vi (see -S)

It turns out you can still work around this if you know the trick. I am still researching this, but restricted vi appears to be compromised.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Raspberry Pi
On 03/08/2012 12:46 PM, Chad Perrin wrote:
> On Thu, Mar 08, 2012 at 08:51:03AM +, Arthur Chance wrote:
>> On 03/07/12 21:40, Chad Perrin wrote:
>>> If anyone has more information about planned BSD Unix ports to Raspberry Pi, or comes up with more in the next few weeks, I'd appreciate it if someone would let me know (perhaps with URIs or contact information for people and projects working on this).
>>
>> There was a discussion about it over on hackers@ last November. The thread starts at
>>
>> http://lists.freebsd.org/pipermail/freebsd-hackers/2011-November/036742.html
>>
>> TL;DR summary: some are wildly in favour of it, others are completely negative. I.e. the usual network response to anything :-}
>
> I'm curious about the reasoning for the negative. I'll have to go skim that thread. Thanks for pointing it out to me.

The complaints seemed to center around a lack of docs, but I don't think this is still relevant. The fact that several Linux variants are ported suggests plenty of available doc. Also, there is a detailed doc on the Broadcom chip on the RP website.

Now, if we could just actually GET the silly things it would be nice :)

--
Tim Daneliuk
Re: semi OT: correct CIDR block?
On 03/05/12 09:30, Robert Huff wrote:
> With my brain still on EBADSLEEP, I cannot decide if:
>
>     10.0.0.32-10.0.0.63
>
> is correctly described by:
>
>     10.0.0.32/27
>
> Anyone? Please?
>
> Robert Huff

    Network = 10.0.0.32
    Usable IPs = 10.0.0.33 to 10.0.0.62 for 30
    Broadcast = 10.0.0.63
    Netmask = 255.255.255.224
    Wildcard Mask = 0.0.0.31

Looks pretty good to me.

Tim Kellers
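The figures in the reply above can be derived mechanically. The following added example (not part of the original messages) computes them for an IPv4 block and checks whether an address range is exactly one CIDR block, which is the check to make before a range goes into a firewall rule. The function names are assumptions, and the shell is assumed to do arithmetic in more than 32 bits.

```shell
#!/bin/sh
# Added example: derive network, broadcast, netmask and wildcard from a
# CIDR block. IPv4 only; function names are made up for this illustration.
# Assumes shell arithmetic wider than 32 bits (true for bash and dash on
# 64-bit systems) and octets written without leading zeros.

# Dotted quad -> integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    printf '%d\n' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# cidr_field FIELD A.B.C.D/N
# FIELD is one of: network broadcast netmask wildcard first last hosts.
# first, last and hosts are only meaningful for prefixes /30 and shorter.
cidr_field() {
    addr=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    wild=$(( (1 << (32 - bits)) - 1 ))     # host bits set
    mask=$(( 4294967295 ^ wild ))          # network bits set
    net=$(( addr & mask ))
    bcast=$(( net | wild ))
    case $1 in
        network)   int_to_ip "$net" ;;
        broadcast) int_to_ip "$bcast" ;;
        netmask)   int_to_ip "$mask" ;;
        wildcard)  int_to_ip "$wild" ;;
        first)     int_to_ip $(( net + 1 )) ;;
        last)      int_to_ip $(( bcast - 1 )) ;;
        hosts)     printf '%d\n' $(( wild - 1 )) ;;
        *)         return 2 ;;
    esac
}

# Succeeds only if FIRST-LAST is exactly the block A.B.C.D/N, that is,
# FIRST is its network address and LAST is its broadcast address.
range_is_block() {
    [ "$1" = "$(cidr_field network "$3")" ] &&
        [ "$2" = "$(cidr_field broadcast "$3")" ]
}

# The block from the thread.
for field in network first last broadcast netmask wildcard hosts
do
    printf '%-10s %s\n' "$field" "$(cidr_field "$field" 10.0.0.32/27)"
done
```

A start address that is not on the block boundary shows up as a mismatch: 10.0.0.32/26 has network 10.0.0.0, so range_is_block rejects it for the range in the question.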
FreeBSD And ARM
I'm not quite sure where to ask this so even a pointer to the right place would be appreciated:

Is there any intent/work underway to port FBSD to the Raspberry PI ARM SBC? At $35 this thing looks perfect for firewall/DNS/dhcp boundary machines.

Thanks,

--
Tim Daneliuk